Merge pull request #6 from sunilsinghc11/prtest #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build-publish-scan | |
| on: | |
| push: | |
| branches: | |
| permissions: | |
| actions: read # for detecting the Github Actions environment. | |
| id-token: write # for creating OIDC tokens for signing. | |
| packages: write # for uploading attestation. | |
| contents: read | |
| jobs: | |
| build-publish-python: | |
| runs-on: ubuntu-latest | |
| env: | |
| # DOCKER_REPO: 'codeninjas-proj-docker-local' | |
| DOCKER_REPO: 'optum-app1-sunil-docker-local' | |
| IMAGE_NAME: 'my-very-cool-image:${{ github.run_number }}' | |
| JF_URL: https://${{ vars.JF_URL }}/ | |
| DOCKER_CLI_EXPERIMENTAL: enabled | |
| steps: | |
| # Use the specific setup-cli branch | |
| - name: Setup JFrog CLI | |
| uses: jfrog/setup-jfrog-cli@v4 | |
| id: setup-cli | |
| env: | |
| JF_URL: https://${{ vars.JF_URL }}/ | |
| JF_PROJECT: ${{ vars.JF_PROJECT }} | |
| with: | |
| oidc-provider-name: github-bidirect | |
| oidc-audience: github-jfrog-aud | |
| - name: Checkout the repository | |
| uses: actions/checkout@v4 | |
| - name: Cache Primes | |
| id: cache-primes | |
| uses: actions/cache@v4 | |
| with: | |
| path: /usr/lib/python3/dist-packages | |
| key: python_requirements1 | |
| - name: configure jfrog environment | |
| run: | | |
| # Use a curated repository for python dependencies resolution | |
| jf pip-config --repo-resolve=optum-app1-sunil-py-virtual | |
| - name: configure environment | |
| run: | | |
| pip install --upgrade pip | |
| python3 -m pip install --upgrade pip setuptools wheel sigstore | |
| wheel -h | |
| pip show setuptools | |
| echo $VIRTUAL_ENV | |
| - name: build project | |
| run: | | |
| jf pip install -r requirements.txt --module=jfrog-python-example | |
| python setup.py sdist bdist_wheel | |
| cd dist && echo "hashes=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT | |
| - name: publish python package | |
| run: | | |
| jf rt u dist/ optum-app1-sunil-py-virtual/example-projects/ --module=jfrog-python-example | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Authenticate Docker | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ vars.JF_URL }} | |
| username: ${{ steps.setup-cli.outputs.oidc-user }} | |
| password: ${{ steps.setup-cli.outputs.oidc-token }} | |
| - name: Setup buildx instance | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| use: true | |
| platforms: linux/amd64,linux/arm64 | |
| install: true | |
| - name: docker build through | |
| run: | | |
| docker buildx ls | |
| jf docker --version | |
| jf docker build --tag ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} --platform linux/amd64,linux/arm64 --metadata-file metadata.json --push . | |
| - name: docker scan | |
| run: | | |
| jf docker pull ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} | |
| jf docker scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} | |
| #- name: docker build | |
| # run: | | |
| # jf docker build --tag ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-amd64 --platform linux/amd64 --load . | |
| # #docker images | |
| # jf docker scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-amd64 | |
| # jf docker push ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-amd64 | |
| # jf docker build --tag ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-arm64 --platform linux/arm64 --load . | |
| # #docker images | |
| # jf docker scan ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-arm64 | |
| # jf docker push ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-arm64 | |
| # #echo "docker images scanned, now lets push a fat manifest and the images" | |
| # #docker manifest create ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-amd64 ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}-arm64 | |
| # #echo "docker manifest created" | |
| # #docker manifest push ${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }} | |
| # #echo "docker manifest pushed" | |
| # #docker image save -o myimage.tar localhost:5000/myimage:latest | |
| - name: add docker package to build | |
| run: | | |
| echo "----------------" | |
| cat metadata.json | |
| echo "----------------" | |
| digest=$(cat metadata.json | jq '.["containerimage.digest"]') | |
| echo "digest=$digest" | |
| echo "${{ vars.JF_URL }}/${{ env.DOCKER_REPO }}/${{ env.IMAGE_NAME }}@$digest" > metadata.json | |
| jf rt build-docker-create ${{ env.DOCKER_REPO }} --image-file metadata.json | |
| - name: publish build info | |
| run: | | |
| jf rt build-collect-env | |
| jf rt build-add-dependencies . | |
| jf rt build-add-git | |
| jf rt build-publish | |
| - name: build scan | |
| run: | | |
| jf build-scan build-publish-scan | |