Add cosign + rename all github by gitea
Some checks failed
build-ublue-custom / Build and push image (push) Failing after 23s
Some checks failed
build-ublue-custom / Build and push image (push) Failing after 23s
This commit is contained in:
parent
503188431b
commit
974adf0aa8
2 changed files with 41 additions and 37 deletions
|
|
@ -14,9 +14,9 @@ on:
|
|||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
MY_IMAGE_NAME: "${{ github.event.repository.name }}" # the name of the image produced by this build, matches repo names
|
||||
MY_IMAGE_NAME: "${{ gitea.event.repository.name }}" # the name of the image produced by this build, matches repo names
|
||||
MY_IMAGE_DESC: "My Customized Universal Blue Image"
|
||||
IMAGE_REGISTRY: "gitea.mrdev023.fr/${{ github.repository_owner }}" # do not edit
|
||||
IMAGE_REGISTRY: "gitea.mrdev023.fr/${{ gitea.repository_owner }}" # do not edit
|
||||
|
||||
jobs:
|
||||
build_push:
|
||||
|
|
@ -45,8 +45,8 @@ jobs:
|
|||
BUILD_TAGS=()
|
||||
|
||||
# Have tags for tracking builds during pull request
|
||||
SHA_SHORT="${GITHUB_SHA::7}"
|
||||
COMMIT_TAGS+=("pr-${{ github.event.number }}")
|
||||
SHA_SHORT="${GITEA_SHA::7}"
|
||||
COMMIT_TAGS+=("pr-${{ gitea.event.number }}")
|
||||
COMMIT_TAGS+=("${SHA_SHORT}")
|
||||
|
||||
# Append matching timestamp tags to keep a version history
|
||||
|
|
@ -57,7 +57,7 @@ jobs:
|
|||
BUILD_TAGS+=("${TIMESTAMP}")
|
||||
BUILD_TAGS+=("latest")
|
||||
|
||||
if [[ "${{ github.event_name }}" == "pull_request" ]]; then
|
||||
if [[ "${{ gitea.event_name }}" == "pull_request" ]]; then
|
||||
echo "Generated the following commit tags: "
|
||||
for TAG in "${COMMIT_TAGS[@]}"; do
|
||||
echo "${TAG}"
|
||||
|
|
@ -73,7 +73,7 @@ jobs:
|
|||
echo "${TAG}"
|
||||
done
|
||||
|
||||
echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
|
||||
echo "alias_tags=${alias_tags[*]}" >> $GITEA_OUTPUT
|
||||
|
||||
# Build metadata
|
||||
- name: Image Metadata
|
||||
|
|
@ -84,7 +84,7 @@ jobs:
|
|||
${{ env.MY_IMAGE_NAME }}
|
||||
|
||||
labels: |
|
||||
io.artifacthub.package.readme-url=https://gitea.mrdev023.fr/${{ github.repository }}/raw/branch/main/README.md
|
||||
io.artifacthub.package.readme-url=https://gitea.mrdev023.fr/${{ gitea.repository }}/raw/branch/main/README.md
|
||||
org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
|
||||
org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }}
|
||||
|
||||
|
|
@ -111,27 +111,27 @@ jobs:
|
|||
with:
|
||||
string: ${{ env.IMAGE_REGISTRY }}
|
||||
|
||||
# - name: Login to GitHub Container Registry
|
||||
# uses: docker/login-action@v3
|
||||
# with:
|
||||
# registry: ghcr.io
|
||||
# username: ${{ github.actor }}
|
||||
# password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- name: Login to GitHub Container Registry
|
||||
uses: https://github.com/docker/login-action@v3
|
||||
with:
|
||||
registry: gitea.mrdev023.fr
|
||||
username: ${{ secrets.USERNAME }}
|
||||
password: ${{ secrets.PASSWORD }}
|
||||
|
||||
# - name: Push Image to GHCR
|
||||
# uses: redhat-actions/push-to-registry@v2
|
||||
# id: push
|
||||
# env:
|
||||
# REGISTRY_USER: ${{ github.actor }}
|
||||
# REGISTRY_PASSWORD: ${{ github.token }}
|
||||
# with:
|
||||
# image: ${{ steps.build_image.outputs.image }}
|
||||
# tags: ${{ steps.build_image.outputs.tags }}
|
||||
# registry: ${{ steps.registry_case.outputs.lowercase }}
|
||||
# username: ${{ env.REGISTRY_USER }}
|
||||
# password: ${{ env.REGISTRY_PASSWORD }}
|
||||
# extra-args: |
|
||||
# --disable-content-trust
|
||||
- name: Push Image to GHCR
|
||||
uses: https://github.com/redhat-actions/push-to-registry@v2
|
||||
id: push
|
||||
env:
|
||||
REGISTRY_USER: ${{ secrets.USERNAME }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.PASSWORD }}
|
||||
with:
|
||||
image: ${{ steps.build_image.outputs.image }}
|
||||
tags: ${{ steps.build_image.outputs.tags }}
|
||||
registry: ${{ steps.registry_case.outputs.lowercase }}
|
||||
username: ${{ env.REGISTRY_USER }}
|
||||
password: ${{ env.REGISTRY_PASSWORD }}
|
||||
extra-args: |
|
||||
--disable-content-trust
|
||||
|
||||
# This section is optional and only needs to be enabled if you plan on distributing
|
||||
# your project for others to consume. You will need to create a public and private key
|
||||
|
|
@ -139,14 +139,14 @@ jobs:
|
|||
# to consume. For more details, review the image signing section of the README.
|
||||
|
||||
# Sign container
|
||||
# - uses: sigstore/cosign-installer@v3.5.0
|
||||
# if: github.event_name != 'pull_request'
|
||||
- uses: https://github.com/sigstore/cosign-installer@v3.5.0
|
||||
if: gitea.event_name != 'pull_request'
|
||||
|
||||
# - name: Sign container image
|
||||
# if: github.event_name != 'pull_request'
|
||||
# run: |
|
||||
# cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
|
||||
# env:
|
||||
# TAGS: ${{ steps.push.outputs.digest }}
|
||||
# COSIGN_EXPERIMENTAL: false
|
||||
# COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
|
||||
- name: Sign container image
|
||||
if: gitea.event_name != 'pull_request'
|
||||
run: |
|
||||
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
|
||||
env:
|
||||
TAGS: ${{ steps.push.outputs.digest }}
|
||||
COSIGN_EXPERIMENTAL: false
|
||||
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
|
||||
|
|
|
|||
4
cosign.pub
Normal file
4
cosign.pub
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmCGpDZ8x9OWr5AVR9aCqXiDB6tM5
|
||||
vlKUAUDfHZRDGPPzl+l/ymsrkxdeVhJO/Pg4OSMblrheOO3hYx1ZKWWscg==
|
||||
-----END PUBLIC KEY-----
|
||||
Loading…
Reference in a new issue