Skip to content

Bump actions/checkout from 4.1.2 to 4.1.3 #80

Bump actions/checkout from 4.1.2 to 4.1.3

Bump actions/checkout from 4.1.2 to 4.1.3 #80

name: Build and publish Docker images
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
packages: write
env:
IMAGE_NAME: tuleap-test-phpunit
jobs:
build:
strategy:
matrix:
os_base: ["c7"]
php_base: ["php82", "php83"]
runs-on: ubuntu-22.04
steps:
- uses: actions/[email protected]
- name: Get lowercase base image name
run: echo BASE_IMAGE_NAME="$(echo ${{ github.repository_owner }} | tr '[A-Z]' '[a-z]')" >> $GITHUB_ENV
- name: Build image
run: docker build -t ghcr.io/${{ env.BASE_IMAGE_NAME }}/${{ env.IMAGE_NAME }}:${{ matrix.os_base }}-${{ matrix.php_base }} --build-arg="PHP_BASE=${{ matrix.php_base }}" -f ${{ matrix.os_base }}.dockerfile --label revision=${{ github.sha }} --label workflow_run_id=${{ github.run_id }} .
- name: Log into ghcr.io
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Install Cosign
uses: sigstore/[email protected]
- name: Publish image
run: docker push ghcr.io/${{ env.BASE_IMAGE_NAME }}/${{ env.IMAGE_NAME }}:${{ matrix.os_base }}-${{ matrix.php_base }}
- name: Sign Docker Image
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
run: |
export VAULT_TOKEN=$(curl "$VAULT_ADDR"/v1/auth/approle/login --silent --fail -X POST --data '{"role_id": "${{ secrets.VAULT_ROLE_ID_SIGNING }}", "secret_id": "${{ secrets.VAULT_SECRET_ID_SIGNING }}"}' | jq -r '.auth.client_token')
cosign sign --yes --tlog-upload=true --key hashivault://tuleap-additional-tools-signing "$(docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/${{ env.BASE_IMAGE_NAME }}/${{ env.IMAGE_NAME }}:${{ matrix.os_base }}-${{ matrix.php_base }})"