From c922baa397e337c312de42450869f945ef6bb4e4 Mon Sep 17 00:00:00 2001 From: Rucciva Date: Thu, 21 Sep 2023 13:25:37 +0700 Subject: [PATCH] init --- .github/workflows/docker.yaml | 56 +++++++++++++++++++++++++++++++++++ Dockerfile | 20 +++++++++++++ cosign.pub | 4 +++ 3 files changed, 80 insertions(+) create mode 100644 .github/workflows/docker.yaml create mode 100644 Dockerfile create mode 100644 cosign.pub diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml new file mode 100644 index 0000000..902d64b --- /dev/null +++ b/.github/workflows/docker.yaml @@ -0,0 +1,56 @@ +name: docker + +on: + push: + tags: + - "v*" + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository_owner }}/linkerd-await + +jobs: + release: + runs-on: ubuntu-latest + + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to the Container registry + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - id: docker_meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + - id: docker_build + name: Build and push Docker image + uses: docker/build-push-action@v3 + with: + platforms: linux/amd64 + push: true + tags: ${{ steps.docker_meta.outputs.tags }} + labels: ${{ steps.docker_meta.outputs.labels }} + + - name: Install Cosign + uses: sigstore/cosign-installer@main + + - name: Sign image with a key + run: | + cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAME,,}@${IMAGE_DIGEST} --yes + env: + IMAGE_NAME: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + IMAGE_DIGEST: ${{ steps.docker_build.outputs.digest }} + COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} + COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..ac91254 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,20 @@ +ARG LINKERD_AWAIT_VERSION=v0.2.7 +ARG LINKERD_AWAIT_ARCH=amd64 + + + +FROM curlimages/curl as downloader + +ARG LINKERD_AWAIT_VERSION +ARG LINKERD_AWAIT_ARCH + +RUN curl \ + -sSLo /tmp/linkerd-await \ + https://github.com/linkerd/linkerd-await/releases/download/release%2F${LINKERD_AWAIT_VERSION}/linkerd-await-${LINKERD_AWAIT_VERSION}-${LINKERD_AWAIT_ARCH} \ + && chmod 755 /tmp/linkerd-await + + + +FROM alpine:3.18 + +COPY --from=downloader /tmp/linkerd-await /usr/local/bin/linkerd-await \ No newline at end of file diff --git a/cosign.pub b/cosign.pub new file mode 100644 index 0000000..3f2c8c5 --- /dev/null +++ b/cosign.pub @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzuGBPnhwHllUv1ON0rlIWVnmvmmc +zlpjceQRabKFZm5Su6d9hreRPSJKYdGv4mhN9Ef76VhjnHGdj3IvmK7waQ== +-----END PUBLIC KEY-----