Skip to content

async synchronize target reset #116

async synchronize target reset

async synchronize target reset #116

Workflow file for this run

name: release-image
on:
push:
branches:
- 3.x
paths-ignore:
- README.md
- charts/**
- manifest/**
permissions:
contents: read
packages: write
id-token: write
jobs:
push-policy-reporter:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Push image
id: params
run: |
# Strip git ref prefix from version
VERSION=$(git rev-parse --short "$GITHUB_SHA")
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
echo VERSION=$VERSION
echo "VERSION=$VERSION" >> "$GITHUB_ENV"
- name: Login to Github Packages
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
id: buildx
with:
install: true
version: latest
- name: Build image and push to GitHub Container Registry
uses: docker/build-push-action@v3
id: push
with:
push: true
platforms: linux/arm64,linux/amd64
cache-from: type=registry,ref=ghcr.io/kyverno/policy-reporter:buildcache
cache-to: type=registry,ref=ghcr.io/kyverno/policy-reporter:buildcache,mode=max
tags: |
ghcr.io/kyverno/policy-reporter:${{ env.VERSION }}
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache-dependency-path: go.sum
- uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2.0.0
with:
version: v1
args: app -licenses -json -output policy-reporter-bom.cdx.json -main .
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: policy-reporter-bom-cdx
path: policy-reporter-bom.cdx.json
- name: Install Cosign
uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
- shell: bash
env:
COSIGN_REPOSITORY: ghcr.io/kyverno/signatures
run: |
set -e
cosign sign --yes \
-a "repo=${{ github.repository }}" \
-a "workflow=${{ github.workflow }}" \
-a "ref=${{ github.sha }}" \
ghcr.io/kyverno/policy-reporter@${{ steps.push.outputs.digest }}
- shell: bash
env:
COSIGN_REPOSITORY: ghcr.io/kyverno/sbom
run: |
cosign attach sbom --sbom ./policy-reporter-bom.cdx.json --type cyclonedx ghcr.io/kyverno/policy-reporter@${{ steps.push.outputs.digest }}