Skip to content
This repository has been archived by the owner on Jan 14, 2024. It is now read-only.

Commit

Permalink
feat: gha for building / publishing on pr (#87)
Browse files Browse the repository at this point in the history
  • Loading branch information
marcoceppi authored Feb 28, 2023
1 parent 14b1b7c commit 1726d18
Show file tree
Hide file tree
Showing 2 changed files with 95 additions and 3 deletions.
29 changes: 26 additions & 3 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
name: build-ublue
on:
pull_request_target:
types: [labeled]
pull_request:
types:
- labeled
branches:
- main
paths-ignore:
Expand All @@ -23,7 +24,7 @@ jobs:
push-ghcr:
name: Build and push image
runs-on: ubuntu-22.04
if: contains(github.event.pull_request.labels.*.name, 'ok-to-build')
if: contains(github.event.pull_request.labels.*.name, 'ok-to-build') || github.event_name != 'pull_request'
permissions:
contents: read
packages: write
Expand Down Expand Up @@ -103,6 +104,7 @@ jobs:
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
Expand All @@ -117,9 +119,11 @@ jobs:
# Sign container
- uses: sigstore/cosign-installer@main
if: github.event_name != 'pull_request'

# Only needed when running `cosign sign` using a key
- name: Write signing key to disk
if: github.event_name != 'pull_request'
run: |
echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key
# DEBUG: get character count of key
Expand All @@ -129,18 +133,37 @@ jobs:

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Sign container image
if: github.event_name != 'pull_request'
run: |
cosign sign --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false

- name: Echo outputs
if: github.event_name != 'pull_request'
run: |
echo "${{ toJSON(steps.push.outputs) }}"
- name: Upload Container Export
if: github.event_name == 'pull_request'
run: |
mkdir -p output
podman save -o output/image.tar ${{ steps.build_image.outputs.image }}
echo "image=${{ steps.build_image.outputs.image }}" >> output/meta
echo "tags=${{ steps.build_image.outputs.tags }}" >> output/meta
- name: Publish Artifact
uses: actions/upload-artifact@v2
if: github.event_name == 'pull_request'
with:
name: output
path: output

69 changes: 69 additions & 0 deletions .github/workflows/pr-publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
name: Publish PR builds

on:
workflow_run:
workflows: ["build-ublue"]
types:
- completed

env:
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}


jobs:
upload:
runs-on: ubuntu-latest
if: >
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success'
steps:
- name: 'Download artifact'
uses: actions/[email protected]
with:
script: |
var artifacts = await github.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "output"
})[0];
var download = await github.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/output.zip', Buffer.from(download.data));
- run: unzip output.zip

- name: Load Container Image
id: load_image
run: |
podman load -i image.tar
cat meta >> $GITHUB_OUTPUT
- name: Lowercase Registry
id: registry_case
uses: ASzc/change-string-case-action@v5
with:
string: ${{ env.IMAGE_REGISTRY }}

- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push
if: github.event_name != 'pull_request'
env:
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
with:
image: ${{ steps.load_image.outputs.image }}
tags: ${{ steps.load_image.outputs.tags }}
registry: ${{ steps.registry_case.outputs.lowercase }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust

0 comments on commit 1726d18

Please sign in to comment.