Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 #34
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow builds and pushes the monitoring docker image when a release tag is pushed. | |
| # The following secrets must be provided: | |
| # DOCKER_USERNAME: The username to log into the registry. | |
| # DOCKER_PASSWORD: The access token of the user to log into the registry. | |
| # DOCKER_URL: The base url of the repository. Example: `docker.io/interuss` or `interuss`. | |
| name: Publish monitoring image to Docker Registry (on new release tag) | |
| on: | |
| pull_request: # TODO: added for testing purposes, remove me before merging | |
| # push: | |
| # tags: | |
| # # To modify to trigger the job for fork's releases | |
| # # Note: GitHub's filter pattern capabilities are limited[1], so this | |
| # # pattern matches more often than it should. A more correct regex would | |
| # # be the one found in scripts/tag.sh. | |
| # # [1] https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
| # - "interuss/monitoring/v[0-9]+.[0-9]+.[0-9]+-?*" | |
| permissions: | |
| contents: read | |
| jobs: | |
| docker-hub-push: | |
| name: Build and Push to Docker Hub | |
| runs-on: ubuntu-latest | |
| # To modify to enable the job for forked repository | |
| if: github.repository == 'interuss/monitoring' | |
| permissions: | |
| id-token: write # needed for signing the images with GitHub OIDC Token | |
| steps: | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 | |
| - name: Job information | |
| run: | | |
| echo "Job information" | |
| echo "Trigger: ${{ github.event_name }}" | |
| echo "Host: ${{ runner.os }}" | |
| echo "Repository: ${{ github.repository }}" | |
| echo "Branch: ${{ github.ref }}" | |
| docker images | |
| cosign version | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| submodules: true | |
| fetch-depth: 0 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build, push and sign image | |
| env: | |
| DOCKER_URL: ${{ secrets.DOCKER_URL }} | |
| DOCKER_UPDATE_LATEST: false # TODO: changed for testing purposes, revert me to 'true' before merging | |
| DOCKER_SIGN: true | |
| CERT_IDENTITY: https://github.com/${{ github.workflow_ref }} | |
| CERT_ISSUER: https://token.actions.githubusercontent.com | |
| run: | | |
| build/build_and_push.sh |