Merge pull request #37 from crazy-max/pin-versions #108
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: .test | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'releases/v*' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| jobs: | |
| build-aws-single: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| cache: true | |
| meta-images: | | |
| public.ecr.aws/q3b5f1u4/test-docker-action | |
| meta-tags: | | |
| type=raw,value=build-ghbuilder-single-${{ github.run_id }} | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| build-aws-single-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - build-aws-single | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-aws-single.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| build-aws: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| cache: true | |
| cache-scope: build-aws | |
| meta-images: | | |
| public.ecr.aws/q3b5f1u4/test-docker-action | |
| meta-tags: | | |
| type=raw,value=build-ghbuilder-${{ github.run_id }} | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| build-platforms: linux/amd64,linux/arm64 | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| build-aws-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - build-aws | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-aws.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| build-ghcr: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| meta-images: ghcr.io/docker/github-builder-test | |
| meta-tags: | | |
| type=raw,value=build-${{ github.run_id }} | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| build-platforms: linux/amd64,linux/arm64 | |
| secrets: | |
| registry-auths: | | |
| - registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| build-ghcr-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - build-ghcr | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-ghcr.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| build-dockerhub-stage: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| meta-images: registry-1-stage.docker.io/docker/github-builder-test | |
| meta-tags: | | |
| type=raw,value=build-${{ github.run_id }} | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| build-platforms: linux/amd64,linux/arm64 | |
| secrets: | |
| registry-auths: | | |
| - registry: registry-1-stage.docker.io | |
| username: ${{ vars.DOCKERHUB_STAGE_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_STAGE_TOKEN }} | |
| build-dockerhub-stage-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - build-dockerhub-stage | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-dockerhub-stage.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: registry-1-stage.docker.io | |
| username: ${{ vars.DOCKERHUB_STAGE_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_STAGE_TOKEN }} | |
| build-dockerhub-stage-oidc: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| meta-images: registry-1-stage.docker.io/docker/github-builder-test | |
| meta-tags: | | |
| type=raw,value=${{ github.run_id }},prefix=oidc- | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| build-platforms: linux/amd64,linux/arm64 | |
| secrets: | |
| registry-auths: | | |
| - registry: registry-1-stage.docker.io | |
| username: docker:cdeb5882-30b7-4076-be92-bfdceb258e9c | |
| build-dockerhub-stage-oidc-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| permissions: | |
| contents: read | |
| id-token: write | |
| needs: | |
| - build-dockerhub-stage-oidc | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-dockerhub-stage-oidc.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: registry-1-stage.docker.io | |
| username: docker:cdeb5882-30b7-4076-be92-bfdceb258e9c | |
| build-ghcr-and-aws: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| meta-images: | | |
| ghcr.io/docker/github-builder-test | |
| public.ecr.aws/q3b5f1u4/test-docker-action | |
| meta-tags: | | |
| type=raw,value=${{ github.run_id }},prefix=build-ghcr-and-aws- | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| build-platforms: linux/amd64,linux/arm64 | |
| secrets: | |
| registry-auths: | | |
| - registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| build-ghcr-and-aws-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - build-ghcr-and-aws | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-ghcr-and-aws.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| build-local: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: local | |
| push: ${{ github.event_name != 'pull_request' }} | |
| artifact-name: build-output | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| build-platforms: linux/amd64,linux/arm64 | |
| build-local-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - build-local | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-local.outputs) }} | |
| build-local-single: | |
| uses: ./.github/workflows/build.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| output: local | |
| push: ${{ github.event_name != 'pull_request' }} | |
| artifact-name: build-output-single | |
| build-file: test/hello.Dockerfile | |
| build-sbom: true | |
| build-local-single-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - build-local-single | |
| with: | |
| builder-outputs: ${{ toJSON(needs.build-local-single.outputs) }} | |
| bake-aws-single: | |
| uses: ./.github/workflows/bake.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| context: test | |
| target: hello | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| cache: true | |
| cache-scope: bake-aws | |
| meta-images: | | |
| public.ecr.aws/q3b5f1u4/test-docker-action | |
| meta-tags: | | |
| type=raw,value=bake-ghbuilder-single-${{ github.run_id }} | |
| bake-sbom: true | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| bake-aws-single-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - bake-aws-single | |
| with: | |
| builder-outputs: ${{ toJSON(needs.bake-aws-single.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| bake-aws: | |
| uses: ./.github/workflows/bake.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| context: test | |
| target: hello-cross | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| cache: true | |
| cache-scope: bake-aws | |
| meta-images: | | |
| public.ecr.aws/q3b5f1u4/test-docker-action | |
| meta-tags: | | |
| type=raw,value=bake-ghbuilder-${{ github.run_id }} | |
| bake-sbom: true | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| bake-aws-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - bake-aws | |
| with: | |
| builder-outputs: ${{ toJSON(needs.bake-aws.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| bake-ghcr-and-aws: | |
| uses: ./.github/workflows/bake.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| context: test | |
| target: hello-cross | |
| output: image | |
| push: ${{ github.event_name != 'pull_request' }} | |
| cache: true | |
| cache-scope: bake-aws | |
| meta-images: | | |
| ghcr.io/docker/github-builder-test | |
| public.ecr.aws/q3b5f1u4/test-docker-action | |
| meta-tags: | | |
| type=raw,value=${{ github.run_id }},prefix=bake-ghcr-and-aws- | |
| bake-sbom: true | |
| secrets: | |
| registry-auths: | | |
| - registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| bake-ghcr-and-aws-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - bake-ghcr-and-aws | |
| with: | |
| builder-outputs: ${{ toJSON(needs.bake-ghcr-and-aws.outputs) }} | |
| secrets: | |
| registry-auths: | | |
| - registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - registry: public.ecr.aws | |
| username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| bake-local: | |
| uses: ./.github/workflows/bake.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| context: test | |
| target: hello-cross | |
| output: local | |
| push: ${{ github.event_name != 'pull_request' }} | |
| cache: true | |
| artifact-name: bake-output | |
| bake-sbom: true | |
| bake-local-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - bake-local | |
| with: | |
| builder-outputs: ${{ toJSON(needs.bake-local.outputs) }} | |
| bake-local-single: | |
| uses: ./.github/workflows/bake.yml | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| with: | |
| context: test | |
| target: hello | |
| output: local | |
| push: ${{ github.event_name != 'pull_request' }} | |
| cache: true | |
| artifact-name: bake-output-single | |
| bake-sbom: true | |
| bake-local-single-verify: | |
| uses: ./.github/workflows/verify.yml | |
| if: ${{ github.event_name != 'pull_request' }} | |
| needs: | |
| - bake-local-single | |
| with: | |
| builder-outputs: ${{ toJSON(needs.bake-local-single.outputs) }} |