Add new yaml validation around checks nature (Automated or Manual) (#… #28
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- 'v*' | |
jobs: | |
publish: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
# write is needed for: | |
# - OIDC for cosign's use in ecm-distro-tools/publish-image. | |
# - Read vault secrets in rancher-eio/read-vault-secrets. | |
id-token: write | |
strategy: | |
# For sequential execution, to leverage both docker buildx | |
# caching and to avoid each job having to push the same layers | |
# to the target registry. | |
max-parallel: 1 | |
matrix: | |
include: | |
# Three images are created: | |
# - Multi-arch manifest for both amd64 and arm64 | |
- tag-suffix: "" | |
platforms: linux/amd64,linux/arm64 | |
# - arm64 manifest | |
- tag-suffix: "-arm64" | |
platforms: linux/arm64 | |
# - amd64 manifest | |
- tag-suffix: "-amd64" | |
platforms: linux/amd64 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Load Secrets from Vault | |
uses: rancher-eio/read-vault-secrets@main | |
with: | |
secrets: | | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials username | DOCKER_USERNAME ; | |
secret/data/github/repo/${{ github.repository }}/dockerhub/rancher/credentials password | DOCKER_PASSWORD ; | |
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ; | |
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ; | |
secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD | |
- name: Publish manifest | |
uses: rancher/ecm-distro-tools/actions/publish-image@master | |
with: | |
image: security-scan | |
tag: ${{ github.ref_name }}${{ matrix.tag-suffix }} | |
platforms: ${{ matrix.platforms }} | |
public-registry: docker.io | |
public-repo: rancher | |
public-username: ${{ env.DOCKER_USERNAME }} | |
public-password: ${{ env.DOCKER_PASSWORD }} | |
prime-registry: ${{ env.PRIME_REGISTRY }} | |
prime-repo: rancher | |
prime-username: ${{ env.PRIME_REGISTRY_USERNAME }} | |
prime-password: ${{ env.PRIME_REGISTRY_PASSWORD }} |