Skip to content

add loggin info

add loggin info #25

name: Docker Image CI
on:
push:
branches: [ main, kwasm-lifecycle-manager ]
tags: [ '*' ]
pull_request:
branches: [ main ]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
buildx:
runs-on: ubuntu-latest
permissions:
# cosign uses the GitHub OIDC token
id-token: write
# needed to upload artifacts to a GH release
contents: write
packages: write
repository-projects: write
steps:
- # Checkout Repository
name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- # Set up QEMU
name: Set up QEMU
uses: docker/setup-qemu-action@v1
- # Setup Docker buildx
name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
- # Install cosign
name: Install Cosign
uses: sigstore/[email protected]
with:
cosign-release: v2.2.0
- # Login into registry
name: Login to GitHub Container Registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- # Extract Docker metadata
name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- # Build and push to GHCR Registry
name: Build and push Docker image
uses: docker/build-push-action@v5
id: build-tagged
with:
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
labels: ${{ steps.meta.outputs.labels }}
file: Dockerfile
cache-from: type=gha
cache-to: type=gha,mode=max
tags: |
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
${{ steps.meta.outputs.tags }}
- # Keyless signing of Image with Cosign
name: Sign the image with GitHub OIDC token
shell: bash
run: |
cosign sign \
--yes \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:@${{ steps.build-tagged.outputs.digest }}
- # Prepare verification assets
name: Prepare assets for upload
if: runner.os != 'Windows'
shell: bash
run: |
mkdir _dist
cat <<EOF > verify.txt
cosign verify \\
--certificate-identity https://github.com/${{ github.workflow_ref }} \\
--certificate-oidc-issuer https://token.actions.githubusercontent.com \\
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:@${{ steps.build-tagged.outputs.digest }}
EOF
cp verify.txt _dist/
- # Upload verification assets
name: upload binary as GitHub artifact
if: runner.os != 'Windows'
uses: actions/upload-artifact@v3
with:
name: kwasm
path: _dist/
- # Configure Git
name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- # Install Helm
name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.10.0
- # Run chart-releaser
name: Run chart-releaser
if: github.ref == 'refs/heads/main'
uses: helm/[email protected]
env:
CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"