chore(main): release 4.7.0 #996

Workflow file for this run

.github/workflows/build-push.yml at 67653e7

	---
	name: Build & Push

	on:
	merge_group:
	pull_request:
	push:
	tags: ["v..*"]
	workflow_dispatch:

	concurrency:
	group: ${{ github.ref }}-${{ github.workflow }}
	cancel-in-progress: true

	permissions:
	contents: read

	env:
	REGISTRY: ghcr.io

	jobs:
	build-push:
	runs-on: ubuntu-latest
	permissions:
	contents: write
	packages: write
	pull-requests: write
	# This is used to complete the identity challenge
	# with sigstore/fulcio when running outside of PRs.
	id-token: write
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
	with:
	persist-credentials: false
	- uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
	if: github.event_name != 'merge_group'
	- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
	- uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0
	with:
	version: v0.12.1
	- uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
	if: github.event_name != 'merge_group'
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	id: metadata-base
	env:
	DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
	with:
	images: ${{ env.REGISTRY }}/${{ github.repository }}
	# Generate Docker tags based on the following events/attributes
	tags: \|
	type=raw,value=latest,enable={{is_default_branch}}
	type=ref,event=pr
	type=semver,pattern={{raw}}
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	- uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0
	id: build-and-push-base
	with:
	file: .devcontainer/Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'merge_group' }}
	tags: ${{ steps.metadata-base.outputs.tags }}
	labels: ${{ steps.metadata-base.outputs.labels }}
	annotations: ${{ steps.metadata-base.outputs.annotations }}
	sbom: true
	provenance: true
	cache-from: type=gha
	cache-to: type=gha,mode=max
	- uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
	id: metadata-vscode
	env:
	DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
	with:
	images: ${{ env.REGISTRY }}/${{ github.repository }}-vscode
	# Generate Docker tags based on the following events/attributes
	tags: \|
	type=raw,value=latest,enable={{is_default_branch}}
	type=ref,event=pr
	type=semver,pattern={{raw}}
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}}
	# Generate image LABEL for devcontainer.metadata
	# the sed expression is a workaround for quotes being eaten in arrays (e.g. ["x", "y", "z"] -> ["x",y,"z"])
	- run: echo "metadata=$(jq -cj '.' .devcontainer/devcontainer-metadata-vscode.json \| sed 's/,"/, "/g')" >> "$GITHUB_OUTPUT"
	id: devcontainer-metadata
	- uses: docker/build-push-action@af5a7ed5ba88268d5278f7203fb52cd833f66d6e # v5.2.0
	id: build-and-push-vscode
	with:
	file: .devcontainer/Dockerfile
	platforms: linux/amd64,linux/arm64
	push: ${{ github.event_name != 'merge_group' }}
	tags: ${{ steps.metadata-vscode.outputs.tags }}
	labels: \|
	${{ steps.metadata-vscode.outputs.labels }}
	devcontainer.metadata=${{ steps.devcontainer-metadata.outputs.metadata }}
	annotations: ${{ steps.metadata-vscode.outputs.annotations }}
	sbom: true
	provenance: true
	cache-from: type=gha
	- uses: ./.github/actions/container-size-diff
	id: container-size-diff
	with:
	from-container: ${{ env.REGISTRY }}/${{ github.repository }}:latest
	to-container: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push-base.outputs.digest }}
	- uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
	with:
	header: container-size-diff
	message: \|
	${{ steps.container-size-diff.outputs.size-diff-markdown }}
	- uses: anchore/sbom-action@9fece9e20048ca9590af301449208b2b8861333b # v0.15.9
	if: steps.build-and-push-base.outputs.digest != '' && github.event_name != 'merge_group'
	with:
	image: ${{ env.REGISTRY }}/${{ github.repository }}@${{ steps.build-and-push-base.outputs.digest }}
	dependency-snapshot: true
	- uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
	if: github.event_name == 'pull_request'
	with:
	comment-summary-in-pr: on-failure
	fail-on-severity: critical
	- name: Sign the images with GitHub OIDC token
	if: github.event_name != 'merge_group'
	# This step uses the GitHub OIDC identity token to provision an ephemeral certificate
	# against the sigstore community Fulcio instance.
	env:
	DIGEST_BASE: ${{ steps.build-and-push-base.outputs.digest }}
	DIGEST_VSCODE: ${{ steps.build-and-push-vscode.outputs.digest }}
	run: \|
	cosign sign --yes --recursive "${{ env.REGISTRY }}/${{ github.repository }}@${DIGEST_BASE}"
	cosign sign --yes --recursive "${{ env.REGISTRY }}/${{ github.repository }}-vscode@${DIGEST_VSCODE}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(main): release 4.7.0 #996

Workflow file

chore(main): release 4.7.0 #996

Jobs

Run details

Workflow file for this run