01 - Try to upgrade snapshots #767
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 01 - Try to upgrade snapshots | |
on: | |
schedule: | |
- cron: "42 * * * *" | |
workflow_dispatch: # allow manually triggering builds | |
jobs: | |
snapshot-upgrades: | |
name: Run package upgrades on snapshot tag | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
strategy: | |
fail-fast: false # stop GH from cancelling all matrix builds if one fails | |
matrix: | |
image: | |
- fedora-kinoite-laptop | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
install: true | |
driver: docker-container | |
- name: Install cosign | |
uses: sigstore/[email protected] | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push | |
id: build-and-push | |
continue-on-error: true # This failing will usually just mean there were no updates | |
uses: docker/build-push-action@v5 | |
with: | |
context: "{{defaultContext}}:recipes" | |
file: ${{ format('Containerfile.{0}-update-snapshot', matrix.image) }} | |
push: true | |
tags: ghcr.io/${{ github.actor }}/${{ matrix.image }}:snapshot | |
- name: Sign with cosign | |
if: ${{ steps.build-and-push.outcome == 'success' }} | |
env: | |
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} | |
DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
shell: bash | |
run: | | |
cosign sign --key=env://COSIGN_PRIVATE_KEY --recursive "ghcr.io/${{ github.actor }}/${{ matrix.image }}@$DIGEST" | |
- name: Pass job | |
shell: bash | |
run: /usr/bin/true |