-
Notifications
You must be signed in to change notification settings - Fork 68
40 lines (34 loc) · 1.18 KB
/
build-publish-mcr.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# This Github action builds and publishes image to Azure Container Registry (ACR),
# from where it is automatically propagated to Microsoft Container Registry (MCR).
name: Build and publish to MCR
on:
push:
# Only release on supported semantic version tagging e.g. v0.0.1-rc.0
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-alpha.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+'
permissions:
contents: read
jobs:
publish-images:
permissions:
contents: read
id-token: write # This is required for requesting the JWT
runs-on:
labels: [self-hosted, "1ES.Pool=${{ vars.RELEASE_1ES_POOL }}"]
steps:
- name: Harden Runner
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
with:
egress-policy: audit
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- uses: ./.github/actions/install-deps
- name: Build and publish image
run: |
az login --identity
ko version
RELEASE_ACR=${{ secrets.AZURE_REGISTRY }} ./hack/release/release.sh