Skip to content
Build and publish

Fix decai (r2ai) and add sbom #23

Sign in to view logs

Fix decai (r2ai) and add sbom

Fix decai (r2ai) and add sbom #23

Workflow file for this run

.github/workflows/publish.yaml at dca54ff
name: Build and publish
on:
workflow_call: # called on version update detected
workflow_dispatch: # can be manually dispatched under GitHub's "Actions" tab
push:
branches:
- 'main'
paths:
- 'config/**'
- 'docker/**'
- 'versions.mk'
concurrency:
group: "publish"
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
arch:
- amd64
- arm64
- armhf
- i386
- ppc64el
- riscv64
- s390x
steps:
# Perform the checkout of the main branch
- name: Checkout
uses: actions/checkout@v4
with:
ref: main
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build snap
run: make snap-buildx SNAP_ARCH=${{ matrix.arch }}
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: snap-${{ matrix.arch }}
path: snaps/radare2_*.snap
if-no-files-found: error
retention-days: 1
compression-level: 0
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push docker image
run: make docker-buildx-push REGISTRY_IMAGE=${{ vars.DOCKERHUB_REPO }} SNAP_ARCH=${{ matrix.arch }}
- name: Upload docker digest
uses: actions/upload-artifact@v4
with:
name: docker-digest-${{ matrix.arch }}
path: digests/*
if-no-files-found: error
retention-days: 1
- name: Lookup for snap file
id: snap
run: echo "file=$(find snaps -name \*.snap)" >> $GITHUB_OUTPUT
- name: Publish snap
uses: snapcore/action-publish@v1
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
with:
snap: ${{ steps.snap.outputs.file }}
release: stable
merge:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write # needed for signing the images with GitHub OIDC Token
needs:
- build
steps:
# Perform the checkout of the main branch
- name: Checkout
uses: actions/checkout@v4
with:
ref: main
- name: Download digests
uses: actions/download-artifact@v4
with:
path: digests
pattern: docker-digest-*
merge-multiple: true
- name: Install Cosign
uses: sigstore/cosign-installer@v3.5.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Create manifest list and push
run: make docker-push-multiarch REGISTRY_IMAGE=${{ vars.DOCKERHUB_REPO }} DOCKER_TAG=latest
- name: Sign the images with GitHub OIDC Token
env:
COSIGN_EXPERIMENTAL: '1'
run: cosign sign --yes --recursive --registry-referrers-mode=oci-1-1 ${{ vars.DOCKERHUB_REPO }}:latest
sbom:
runs-on: ubuntu-latest
continue-on-error: true
permissions:
id-token: write
contents: write
needs:
- build
steps:
- name: Install Syft
uses: anchore/sbom-action/download-syft@v0
- name: Download digests
uses: actions/download-artifact@v4
with:
name: docker-digest-amd64
- name: Generate SBOM with Syft
run: syft scan registry:${{ vars.DOCKERHUB_REPO }}@$(cat amd64.iidfile) --select-catalogers "+sbom-cataloger" --output spdx-json=docker.spdx.json
- name: Upload SBOM artifact
uses: actions/upload-artifact@v4
with:
name: docker-sbom
path: docker.spdx.json
- name: Upload SBOM to GitHub dependency submission API
uses: advanced-security/spdx-dependency-submission-action@v0.1.1