JustForFun/fedora_atomic_custom_image
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Add cosign + rename all github by gitea
Some checks failed
build-ublue-custom / Build and push image (push) Failing after 23s
Details

Browse source
This commit is contained in:
Florian RICHER 2024-10-11 21:53:14 +02:00
parent 503188431b
commit 974adf0aa8
2 changed files with 41 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

74
.gitea/workflows/build.yml
View file

@ -14,9 +14,9 @@ on:
workflow_dispatch: workflow_dispatch:
env: env:
MY_IMAGE_NAME: "${{ github.event.repository.name }}" # the name of the image produced by this build, matches repo names MY_IMAGE_NAME: "${{ gitea.event.repository.name }}" # the name of the image produced by this build, matches repo names
MY_IMAGE_DESC: "My Customized Universal Blue Image" MY_IMAGE_DESC: "My Customized Universal Blue Image"
IMAGE_REGISTRY: "gitea.mrdev023.fr/${{ github.repository_owner }}" # do not edit IMAGE_REGISTRY: "gitea.mrdev023.fr/${{ gitea.repository_owner }}" # do not edit
jobs: jobs:
build_push: build_push:
@ -45,8 +45,8 @@ jobs:
BUILD_TAGS=() BUILD_TAGS=()
# Have tags for tracking builds during pull request # Have tags for tracking builds during pull request
SHA_SHORT="${GITHUB_SHA::7}" SHA_SHORT="${GITEA_SHA::7}"
COMMIT_TAGS+=("pr-${{ github.event.number }}") COMMIT_TAGS+=("pr-${{ gitea.event.number }}")
COMMIT_TAGS+=("${SHA_SHORT}") COMMIT_TAGS+=("${SHA_SHORT}")
# Append matching timestamp tags to keep a version history # Append matching timestamp tags to keep a version history
@ -57,7 +57,7 @@ jobs:
BUILD_TAGS+=("${TIMESTAMP}") BUILD_TAGS+=("${TIMESTAMP}")
BUILD_TAGS+=("latest") BUILD_TAGS+=("latest")
if [[ "${{ github.event_name }}" == "pull_request" ]]; then if [[ "${{ gitea.event_name }}" == "pull_request" ]]; then
echo "Generated the following commit tags: " echo "Generated the following commit tags: "
for TAG in "${COMMIT_TAGS[@]}"; do for TAG in "${COMMIT_TAGS[@]}"; do
echo "${TAG}" echo "${TAG}"
@ -73,7 +73,7 @@ jobs:
echo "${TAG}" echo "${TAG}"
done done
echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT echo "alias_tags=${alias_tags[*]}" >> $GITEA_OUTPUT
# Build metadata # Build metadata
- name: Image Metadata - name: Image Metadata
@ -84,7 +84,7 @@ jobs:
${{ env.MY_IMAGE_NAME }} ${{ env.MY_IMAGE_NAME }}
labels: | labels: |
io.artifacthub.package.readme-url=https://gitea.mrdev023.fr/${{ github.repository }}/raw/branch/main/README.md io.artifacthub.package.readme-url=https://gitea.mrdev023.fr/${{ gitea.repository }}/raw/branch/main/README.md
org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }} org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }} org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }}
@ -111,27 +111,27 @@ jobs:
with: with:
string: ${{ env.IMAGE_REGISTRY }} string: ${{ env.IMAGE_REGISTRY }}
# - name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
# uses: docker/login-action@v3 uses: https://github.com/docker/login-action@v3
# with: with:
# registry: ghcr.io registry: gitea.mrdev023.fr
# username: ${{ github.actor }} username: ${{ secrets.USERNAME }}
# password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.PASSWORD }}
# - name: Push Image to GHCR - name: Push Image to GHCR
# uses: redhat-actions/push-to-registry@v2 uses: https://github.com/redhat-actions/push-to-registry@v2
# id: push id: push
# env: env:
# REGISTRY_USER: ${{ github.actor }} REGISTRY_USER: ${{ secrets.USERNAME }}
# REGISTRY_PASSWORD: ${{ github.token }} REGISTRY_PASSWORD: ${{ secrets.PASSWORD }}
# with: with:
# image: ${{ steps.build_image.outputs.image }} image: ${{ steps.build_image.outputs.image }}
# tags: ${{ steps.build_image.outputs.tags }} tags: ${{ steps.build_image.outputs.tags }}
# registry: ${{ steps.registry_case.outputs.lowercase }} registry: ${{ steps.registry_case.outputs.lowercase }}
# username: ${{ env.REGISTRY_USER }} username: ${{ env.REGISTRY_USER }}
# password: ${{ env.REGISTRY_PASSWORD }} password: ${{ env.REGISTRY_PASSWORD }}
# extra-args: | extra-args: |
# --disable-content-trust --disable-content-trust
# This section is optional and only needs to be enabled if you plan on distributing # This section is optional and only needs to be enabled if you plan on distributing
# your project for others to consume. You will need to create a public and private key # your project for others to consume. You will need to create a public and private key
@ -139,14 +139,14 @@ jobs:
# to consume. For more details, review the image signing section of the README. # to consume. For more details, review the image signing section of the README.
# Sign container # Sign container
# - uses: sigstore/cosign-installer@v3.5.0 - uses: https://github.com/sigstore/cosign-installer@v3.5.0
# if: github.event_name != 'pull_request' if: gitea.event_name != 'pull_request'
# - name: Sign container image - name: Sign container image
# if: github.event_name != 'pull_request' if: gitea.event_name != 'pull_request'
# run: | run: |
# cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS} cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
# env: env:
# TAGS: ${{ steps.push.outputs.digest }} TAGS: ${{ steps.push.outputs.digest }}
# COSIGN_EXPERIMENTAL: false COSIGN_EXPERIMENTAL: false
# COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

4
cosign.pub Normal file
View file

@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmCGpDZ8x9OWr5AVR9aCqXiDB6tM5
vlKUAUDfHZRDGPPzl+l/ymsrkxdeVhJO/Pg4OSMblrheOO3hYx1ZKWWscg==
-----END PUBLIC KEY-----