Skip to content

Commit

Permalink
Create main.yml
Browse files Browse the repository at this point in the history 
Added GitHub Actions
  • Loading branch information
@williammanning
williammanning authored Oct 22, 2024
1 parent ac8f95d commit 71143d1
Showing 1 changed file with 105 additions and 0 deletions.
105 changes: 105 additions & 0 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
name: Sample Python GitHub
on: workflow_dispatch

permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
contents: read #Ability to read the contents permission
security-events: write # Required for uploading code scanning
jobs:
build-publish-python:
runs-on: ubuntu-latest
env:
DOCKER_REPO: 'docker-prod-local'
IMAGE_NAME: 'python-test-image-gh'
outputs:
image: ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
digest: ${{ steps.build.outputs.digest }}
steps:
# Download the JFrog CLI and configure using JFrog Project and OIDC provider
- uses: jfrog/setup-jfrog-cli@v4
name: Setup JFrog CLI
id: setup-cli
env:
JF_URL: https://${{ vars.JF_URL }}/
JF_PROJECT: ${{ vars.JF_PROJECT }}
# Required for uploading code scanning.
JF_GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
oidc-provider-name: jfrog-github-oidc

- name: Checkout the repository
uses: actions/checkout@v4


- name: configure jfrog environment
run: |
jf pip-config --repo-resolve=python-virtual
- name: configure environment
run: |
python3 -m pip install --upgrade pip setuptools wheel sigstore
wheel -h
pip show setuptools
echo $VIRTUAL_ENV
- name: build project
run: |
jf pip install -r requirements.txt --module=jfrog-python-example
python setup.py sdist bdist_wheel
cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
- name: publish python package
run: |
jf rt u dist/ python-virtual/example-projects/ --module=jfrog-python-example
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Authenticate Docker
uses: docker/login-action@v3
with:
registry: ${{ vars.JF_URL }}
username: ${{ vars.JF_USER }}
password: ${{ secrets.JF_ACCESS_TOKEN }}


- name: Build Docker image
uses: docker/build-push-action@v5
id: build
with:
push: true
platforms: linux/amd64 #, linux/arm64
tags: ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}


- name: docker scan
run: |
jf docker pull ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
jf docker scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}
- name: add docker package to build
run: |
echo "${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}" > metadata.json
jf rt build-docker-create ${{ env.DOCKER_REPO }} --image-file metadata.json
- name: publish build info
run: |
jf rt bce
jf rt bp
- name: build scan
run: |
jf build-scan --fail=false
provenance:
needs: [build-publish-python]
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: ${{ needs.build-publish-python.outputs.image }}
digest: ${{ needs.build-publish-python.outputs.digest }}
private-repository: true
secrets:
registry-username: ${{ vars.JF_USER }}
registry-password: ${{ secrets.JF_ACCESS_TOKEN }}

0 comments on commit 71143d1

Please sign in to comment.