.github/workflows/pr-container-composite.yaml

refactor: use composite pr #1

Workflow file for this run

.github/workflows/pr-container-composite.yaml at 87f6e0a

	name: 'Build and Test and PR Container'
	inputs:
	job-name:
	description: "Job name to display on Slack messages."
	required: true
	type: string

	build-file:
	description: "Path to the container file."
	required: true
	type: string

	build-context:
	description: "Path to the build root dir."
	default: '.'
	type: string

	pr-filters:
	description: "YAML dictionary of lists of path filters."
	required: true
	type: string

	test-flags:
	description: "Arguments passed to docker run."
	default: ''
	type: string

	test-args:
	description: "Arguments passed to the container."
	default: ''
	type: string

	registry:
	description: "URL of the container registry."
	required: true
	type: string

	registry-user:
	description: "Username for the container registry."
	required: true
	type: string

	registry-repo:
	description: "Repo within container registry project."
	required: true
	type: string

	registry-tag-prefix:
	description: "Prefix to use when tagging container"
	default: ''
	type: string

	registry-tag-suffix:
	description: "Suffix to use when tagging container"
	default: ''
	type: string

	release-rules:
	description: "JSON list of rule dicts for what commit types trigger releases."
	default: \|
	[
	{"type": "major", "release": "major"},
	{"type": "minor", "release": "minor"},
	{"type": "patch", "release": "patch"},
	{"type": "no-release", "release": false},

	{"type": "chore", "release": "patch"},
	{"type": "refactor", "release": "patch"},
	{"type": "style", "release": "patch"},

	{"type": "docs", "release": false},
	{"type": "test", "release": false},
	{"type": "ci", "release": false},

	{"type": "feat", "release": "minor"},

	{"type": "revert", "release": "patch"},
	{"type": "perf", "release": "patch"},
	{"type": "fix", "release": "patch"},
	{"type": "build", "release": "patch"},
	]
	type: string

	release-branches:
	description: "JSON list of regex branch filters."
	default: \|
	[
	'+([0-9])?(.{+([0-9]),x}).x',
	'main'
	]
	type: string

	release-tag-format:
	description: "Semantic-release Github release tag format."
	default: '${version}'
	type: string

	slack-channel:
	description: "ID of the Slack channel to post updates to."
	required: true
	type: string

	status-failure:
	description: "Failure status for the message header."
	default: ':no_entry:'
	type: string

	cosign-public-key:
	description: "Public key for cosigning images."
	required: false
	type: string

	slack-token:
	description: "Authentication token for Slack."
	required: true

	registry-token:
	description: "Authentication token for the container registry."
	required: true

	cosign-private-key:
	description: "Private key for cosigning images."
	required: false

	cosign-password:
	description: "Private key password for cosigning images."
	required: false

	runs:
	using: "composite"
	steps:
	- name: clone repo
	uses: actions/checkout@v3

	- name: detect changed files
	uses: dorny/paths-filter@v2
	id: changes
	with:
	token: ${{ github.token }}
	filters: ${{ inputs.release-filters }}

	- name: annotate the ci run with changes
	run: >-
	echo "::notice title=Job: ${{ github.job }}::%0A
	Changes: ${{ steps.changes.outputs.changes }}"

	# setup
	- name: install cosign
	if: inputs.cosign-public-key != ''
	uses: sigstore/cosign-installer@v3.1.2

	- name: forward proxy settings
	run: \|
	echo "HTTP_PROXY=$HTTP_PROXY" >> $GITHUB_ENV
	echo "HTTPS_PROXY=$HTTPS_PROXY" >> $GITHUB_ENV
	echo "NO_PROXY=$NO_PROXY" >> $GITHUB_ENV

	- name: install buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver-opts: \|
	env.http_proxy=${{ env.HTTP_PROXY }}
	env.https_proxy=${{ env.HTTPS_PROXY }}
	"env.no_proxy='${{ env.NO_PROXY }}'"

	- name: login to container registry
	uses: docker/login-action@v2
	with:
	registry: ${{ inputs.registry }}
	username: ${{ inputs.registry-user }}
	password: ${{ inputs.registry-token }}

	- name: container metadata
	uses: docker/metadata-action@v5
	id: meta
	with:
	images: \|
	${{ inputs.registry }}/${{ inputs.registry-repo }}
	tags: \|
	type=ref,event=pr

	- name: build and push
	uses: docker/build-push-action@v5
	id: build
	with:
	file: ${{ inputs.build-file }}
	context: ${{ inputs.build-context }}
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	push: true
	github-token: ${{ github.token }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	provenance: true

	- name: cosign image with key
	if: inputs.cosign-public-key != ''
	run: \|
	cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${TAGS}@${DIGEST}"
	env:
	COSIGN_PRIVATE_KEY: ${{ inputs.cosign-private-key }}
	COSIGN_PASSWORD: ${{ inputs.cosign-password }}
	TAGS: ${{ steps.meta.outputs.tags }}
	DIGEST: ${{ steps.build.outputs.digest }}

	- name: cosign verify image
	if: inputs.cosign-public-key != ''
	env:
	COSIGN_PUBLIC_KEY: ${{ inputs.cosign-public-key }}
	TAGS: ${{ steps.meta.outputs.tags }}
	DIGEST: ${{ steps.build.outputs.digest }}
	run: \|
	cosign verify --key env://COSIGN_PUBLIC_KEY "${TAGS}@${DIGEST}"

	- name: annotate the ci run with container tags
	run: >-
	echo "::notice title=Job: ${{ github.job }} / ${{ inputs.job-name }}::%0A
	Pushed PR container assets!%0A
	- %0A
	docker pull ${{ steps.meta.outputs.tags }}%0A
	${{ steps.build.outputs.digest }}"

	- name: test
	if: ${{ inputs.test-flags != '' \|\| inputs.test-args != '' }}
	run: \|
	docker run \
	${{ inputs.test-flags }} \
	${{ inputs.registry }}/${{ inputs.registry-repo }}@${{ steps.build.outputs.digest }} \
	${{ inputs.test-args }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: use composite pr #1

Workflow file

refactor: use composite pr #1

Jobs

Run details

Workflow file for this run