Push KubeArmor Relay Image to Docker #24

Workflow file for this run

.github/workflows/ci-latest-release.yml at 65910d6

	name: Push KubeArmor Relay Image to Docker

	on:
	push:
	branches: [main, v*]

	paths:
	- "relay-server/**"
	- "!STABLE-RELEASE"
	- ".github/workflows/ci-latest-release.yml"

	create:
	branches:
	- "v*"

	jobs:
	push-docker-img:
	name: Create and push docker image
	if: github.repository == 'kubearmor/kubearmor-relay-server'
	runs-on: ubuntu-latest-16-cores
	permissions:
	id-token: write
	timeout-minutes: 20
	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2
	with:
	platforms: linux/amd64,linux/arm64/v8

	- name: Login to Docker Hub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_AUTHTOK }}

	- name: Push images to Docker
	run: \|
	if [ ${{ github.ref }} == "refs/heads/main" ]; then
	TAG=latest
	else
	TAG=${GITHUB_REF#refs/*/}
	fi
	./relay-server/build/push_img.sh $TAG

	- name: Install Cosign
	uses: sigstore/cosign-installer@main

	- name: Get Image Digest
	id: digest
	run: \|
	echo "imagedigest=$(jq -r '.["containerimage.digest"]' kubearmor-relay-server.json)" >> $GITHUB_OUTPUT

	- name: Sign the Container Images
	run: \|
	cosign sign -r kubearmor/kubearmor-relay-server@${{ steps.digest.outputs.imagedigest }} --yes

	push-stable-version:
	name: Create kubearmor-relay stable release
	needs: push-docker-img
	if: github.ref != 'refs/heads/main'
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	timeout-minutes: 30
	steps:
	- uses: actions/checkout@v3
	with:
	ref: main

	- name: Install regctl
	run: \|
	curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
	chmod 755 regctl
	mv regctl /usr/local/bin

	- name: Check install
	run: regctl version

	- name: Get tag
	id: match
	run: \|
	value=`cat STABLE-RELEASE`
	if [ ${{ github.ref }} == "refs/heads/$value" ]; then
	echo "tag=true" >> $GITHUB_OUTPUT
	else
	echo "tag=false" >> $GITHUB_OUTPUT
	fi

	- name: Login to Docker Hub
	if: steps.match.outputs.tag == 'true'
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_AUTHTOK }}

	- name: Generate the stable version of kubearmor-relay in Docker Hub
	if: steps.match.outputs.tag == 'true'
	run: \|
	STABLE_VERSION=`cat STABLE-RELEASE`
	regctl image copy kubearmor/kubearmor-relay-server:$STABLE_VERSION kubearmor/kubearmor-relay-server:stable --digest-tags

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Push KubeArmor Relay Image to Docker #24

Workflow file

Push KubeArmor Relay Image to Docker #24

Jobs

Run details

Workflow file for this run