Skip to content
Publish Manifests

feat: adjust path to nfs share #1960

Sign in to view logs

feat: adjust path to nfs share

feat: adjust path to nfs share #1960

Workflow file for this run

.github/workflows/publish-manifests.yaml at 7243fb5
---
name: Publish Manifests
on:
workflow_dispatch: {}
push:
branches:
- main
paths:
- .github/workflows/publish-manifests.yaml
- kubernetes/**
permissions:
packages: write
id-token: write
attestations: write
env:
REPOSITORY: "ghcr.io/${{ github.repository_owner }}/kubernetes-manifests/${{ github.event.repository.name }}"
jobs:
publish-manifests:
name: Publish Manifest Artifact
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Install Cosign
uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
- name: Setup Flux
uses: fluxcd/flux2/action@5350425cdcd5fa015337e09fa502153c0275bd4b # v2.4.0
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: "${{ github.actor }}"
password: "${{ secrets.GITHUB_TOKEN }}"
- name: Create Manifest OCI Artifact
id: create
run: |
digest=$(flux push artifact \
oci://$REPOSITORY:$(git rev-parse --short HEAD) \
--path="./kubernetes" \
--source="${{ github.repositoryUrl }}" \
--revision="${{ github.ref_name }}@sha1:$(git rev-parse HEAD)" \
--output=json | \
jq -r '.digest')
echo "DIGEST_SHA=$digest" >> $GITHUB_OUTPUT
- name: Generate GitHub Attestation
uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2
with:
subject-name: ${{ env.REPOSITORY }}
subject-digest: ${{ steps.create.outputs.DIGEST_SHA }}
push-to-registry: true
- name: Generate Cosign Signature
run: |
cosign sign --yes "${{ env.REPOSITORY }}@${{ steps.create.outputs.DIGEST_SHA }}"
- name: Add :main Tag to OCI Artifact
run: |
flux tag artifact oci://$REPOSITORY:$(git rev-parse --short HEAD) --tag main