build_master_images #1076

Workflow file for this run

.github/workflows/build_master.yml at 818d601

	name: build_master_images

	'on':
	schedule:
	- cron: '30 2 * * *'
	push:
	branches:
	- main

	concurrency:
	group: ${{ github.workflow }}-${{ github.sha }}
	cancel-in-progress: true

	permissions: {}

	jobs:
	build_master:
	if: ${{ github.repository_owner == 'curl' \|\| github.event_name != 'schedule' }}
	name: 'build_multi_master'
	runs-on: 'ubuntu-latest'
	permissions:
	packages: write # To create/update container on ghcr.io
	steps:
	- name: 'login ghcr.io'
	uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
	with:
	username: '${{ github.actor }}'
	password: '${{ secrets.GITHUB_TOKEN }}'
	registry: 'ghcr.io/${{ github.repository_owner }}'
	- name: 'login docker hub'
	env:
	DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}'
	DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}'
	run: \|
	echo "${DOCKER_HUB_TOKEN}" \| podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io
	echo "${DOCKER_HUB_TOKEN}" \| docker login -u "${DOCKER_HUB_USER}" --password-stdin
	- name: 'login quay.io'
	env:
	QUAY_USER: '${{ secrets.QUAY_USER }}'
	QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}'
	run: \|
	echo "${QUAY_TOKEN}" \| podman login -u "${QUAY_USER}" --password-stdin quay.io
	echo "${QUAY_TOKEN}" \| docker login -u "${QUAY_USER}" --password-stdin quay.io
	- name: 'install dev deps'
	run: \|
	sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
	sudo apt-get -o Dpkg::Use-Pty=0 update
	sudo rm -f /var/lib/man-db/auto-update
	sudo apt-get -o Dpkg::Use-Pty=0 install -y \
	qemu-user-static buildah less git make podman clamav clamav-freshclam
	- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
	with:
	persist-credentials: false
	ref: 'main'
	- name: 'build master images'
	run: buildah unshare make branch_or_ref=master release_tag=master build_ref_images
	- name: 'test image'
	run: buildah unshare make dist_name=localhost/curl release_tag=master test
	- name: 'install scan prereqs'
	run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy
	- name: 'security scan image'
	run: \|
	eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
	make image_name=localhost/curl:master scan
	- name: 'push images to github registry'
	run: \|
	buildah push curl-dev:master "docker://ghcr.io/curl/curl-container/curl-dev:master"
	buildah push curl-base:master "docker://ghcr.io/curl/curl-container/curl-base:master"
	buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master"
	- name: 'install Cosign'
	uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
	- name: 'sign image with a key'
	env:
	COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
	COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}'
	run: \|
	echo "${COSIGN_PRIVATE_KEY}" \| cosign sign -y --key /srv/stdin ghcr.io/curl/curl-container/curl-dev:master
	echo "${COSIGN_PRIVATE_KEY}" \| cosign sign -y --key /srv/stdin ghcr.io/curl/curl-container/curl-base:master
	echo "${COSIGN_PRIVATE_KEY}" \| cosign sign -y --key /srv/stdin ghcr.io/curl/curl-container/curl:master
	- name: 'verify image with public key'
	run: \|
	cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev:master
	cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base:master
	cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

build_master_images #1076

Workflow file

build_master_images #1076

Uh oh!

Jobs

Run details

Workflow file for this run