Skip to content

Merge pull request #27 from kyverno/basic-auth #21

Merge pull request #27 from kyverno/basic-auth

Merge pull request #27 from kyverno/basic-auth #21

Workflow file for this run

name: image
on:
push:
tags:
- v*
permissions:
contents: read
packages: write
id-token: write
jobs:
push-policy-reporter-kyverno-plugin:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Push image
id: params
run: |
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
[[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
echo VERSION=$VERSION
echo "::set-output name=version::$VERSION"
- name: Login to Github Packages
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
id: buildx
with:
install: true
version: latest
- name: Build image and push to GitHub Container Registry
uses: docker/build-push-action@v3
id: push
with:
push: true
platforms: linux/arm64,linux/amd64,linux/s390x
tags: |
ghcr.io/kyverno/policy-reporter-kyverno-plugin:latest
ghcr.io/kyverno/policy-reporter-kyverno-plugin:${{ steps.params.outputs.version }}
- uses: CycloneDX/gh-gomod-generate-sbom@d4aee0cf5133055dbd98899978246c10c18c440f # v1.1.0
with:
version: v1
args: app -licenses -json -output policy-reporter-kyverno-plugin-bom.cdx.json -main .
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: policy-reporter-kyverno-plugin-bom-cdx
path: policy-reporter-kyverno-plugin-bom.cdx.json
- name: Install Cosign
uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
with:
cosign-release: 'v1.13.0'
- shell: bash
env:
COSIGN_EXPERIMENTAL: 'true'
COSIGN_REPOSITORY: ghcr.io/kyverno/signatures
run: |
set -e
cosign sign \
-a "repo=${{ github.repository }}" \
-a "workflow=${{ github.workflow }}" \
-a "ref=${{ github.sha }}" \
ghcr.io/kyverno/policy-reporter-kyverno-plugin@${{ steps.push.outputs.digest }}
- shell: bash
env:
COSIGN_REPOSITORY: ghcr.io/kyverno/sbom
run: |
cosign attach sbom --sbom ./policy-reporter-kyverno-plugin-bom.cdx.json --type cyclonedx ghcr.io/kyverno/policy-reporter-kyverno-plugin@${{ steps.push.outputs.digest }}