From 8b87222f76fda44f81d54594aed38c9e31810e75 Mon Sep 17 00:00:00 2001
From: Ben Cotton <ben@kusari.dev>
Date: Thu, 19 Sep 2024 12:50:39 -0400
Subject: [PATCH] Add a job to build for pull requests

Fixes #103

Signed-off-by: Ben Cotton <ben@kusari.dev>
---
 .github/workflows/ci.yaml | 64 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 .github/workflows/ci.yaml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..f91ec45
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,64 @@
+#
+# Copyright 2024 The GUAC Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+name: ci
+
+on:
+  pull_request:
+    branches:
+      - main
+    types:
+      - opened
+      - synchronize
+      - reopened
+
+permissions:
+  actions: read
+  contents: read
+
+jobs:
+  build:
+    name: Build image
+    runs-on: ubuntu-latest
+    outputs:
+      image: ${{ env.IMAGE_URI }}
+      digest: ${{ steps.build_image.outputs.IMAGE_DIGEST }}
+    env:
+      IMAGE_URI: ghcr.io/${{ github.repository }}
+      BUILDER: paketobuildpacks/builder-jammy-full
+      BUILDPACK: paketo-buildpacks/nodejs
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # tag=v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup pack 
+        uses: buildpacks/github-actions/setup-pack@7fc3d673350db0fff960cc94a3b9b80e5b663ae2 # v5.0.0
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v3.6.0 # main
+        with:
+          cosign-release: 'v2.4.0'
+      - name: Install crane
+        uses: imjasonh/setup-crane@5146f708a817ea23476677995bf2133943b9be0b # v0.1
+      - name: Build image
+        id: build_image 
+        run: |
+          #!/usr/bin/env bash
+          set -euo pipefail
+          pack build --env NODE_ENV=production ${IMAGE_URI}:ci${{ github.run_id }} --builder ${BUILDER} --buildpack ${BUILDPACK}
+          echo "IMAGE_DIGEST=$(crane digest ${IMAGE_URI}:ci${{ github.run_id }})" >> $GITHUB_OUTPUT