-
Notifications
You must be signed in to change notification settings - Fork 21
64 lines (61 loc) · 2.13 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#
# Copyright 2024 The GUAC Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: ci
on:
pull_request:
branches:
- main
types:
- opened
- synchronize
- reopened
permissions:
actions: read
contents: read
jobs:
build:
name: Build image
runs-on: ubuntu-latest
outputs:
image: ${{ env.IMAGE_URI }}
digest: ${{ steps.build_image.outputs.IMAGE_DIGEST }}
env:
IMAGE_URI: ghcr.io/${{ github.repository }}
BUILDER: paketobuildpacks/builder-jammy-full
BUILDPACK: paketo-buildpacks/nodejs
steps:
- name: Checkout code
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
- name: Login to GitHub Container Registry
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Setup pack
uses: buildpacks/github-actions/setup-pack@7fc3d673350db0fff960cc94a3b9b80e5b663ae2 # v5.0.0
- name: Install cosign
uses: sigstore/[email protected] # main
with:
cosign-release: 'v2.4.0'
- name: Install crane
uses: imjasonh/setup-crane@5146f708a817ea23476677995bf2133943b9be0b # v0.1
- name: Build image
id: build_image
run: |
#!/usr/bin/env bash
set -euo pipefail
pack build --env NODE_ENV=production ${IMAGE_URI}:ci${{ github.run_id }} --builder ${BUILDER} --buildpack ${BUILDPACK}
echo "IMAGE_DIGEST=$(crane digest ${IMAGE_URI}:ci${{ github.run_id }})" >> $GITHUB_OUTPUT