chore(deps): update quay.io/sclorg/nodejs-20-minimal-c9s docker digest to 63e9c97 #844
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push to GHCR | |
| on: | |
| pull_request: | |
| branches: [ "main" ] | |
| push: | |
| branches: [ "main" ] | |
| schedule: | |
| - cron: "0 1 * * *" # Run once every day | |
| env: | |
| REPO: website | |
| PLATFORMS: linux/amd64 | |
| jobs: | |
| build_and_push_docker_images: | |
| name: Push Docker image to GHCR | |
| permissions: | |
| packages: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 | |
| - name: Build Production Images | |
| id: build-image | |
| uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2 | |
| with: | |
| image: pacman | |
| tags: latest ${{ github.sha }} | |
| containerfiles: | | |
| ./Containerfile | |
| # PUSH | |
| - name: Push To GHCR | |
| if: github.event_name != 'pull_request' | |
| id: push-to-ghcr | |
| uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ github.token }} | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: ghcr.io/${{ github.repository_owner }} | |
| # SIGN | |
| - uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 | |
| if: github.event_name != 'pull_request' | |
| - name: Sign GHCR Image | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| cosign login ghcr.io -u ${{ github.actor }} -p ${{ github.token }} | |
| cosign sign -y --key env://COSIGN_PRIVATE_KEY ghcr.io/${{ github.repository_owner }}/${{ steps.build-image.outputs.image }}@${GHCR_TAGS} | |
| env: | |
| COSIGN_EXPERIMENTAL: false | |
| GHCR_TAGS: ${{ steps.push-to-ghcr.outputs.digest }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| - name: Print image URLs | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| echo "Image pushed to ${{ steps.push-to-ghcr.outputs.registry-paths }}" |