diff --git a/.forgejo/install_packages.sh b/.forgejo/install_packages.sh
deleted file mode 100644
index 14b23b2..0000000
--- a/.forgejo/install_packages.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-sudo apt-get update -qq
-sudo apt-get -qq -y install buildah
diff --git a/.forgejo/workflows/build.yml b/.forgejo/workflows/build.yml
deleted file mode 100644
index aa5d94a..0000000
--- a/.forgejo/workflows/build.yml
+++ /dev/null
@@ -1,158 +0,0 @@ ---- -name: build-azure -on: - pull_request: - branches: - - main - schedule: - - cron: '05 10 * * *' # 10:05am UTC everyday - push: - branches: - - main - paths-ignore: - - '**/README.md' - workflow_dispatch: - -env: - MY_IMAGE_NAME: "${{ github.event.repository.name }}" # the name of the image produced by this build, matches repo names - MY_IMAGE_DESC: "Azure" - IMAGE_REGISTRY: "forge.babariviere.com/${{ github.repository_owner }}" # do not edit - FEDORA_MAJOR_VERSION: "latest" - -jobs: - build_push: - name: Build and push image - runs-on: ubuntu-latest - - permissions: - contents: read - packages: write - id-token: write - - steps: - # Checkout push-to-registry action GitHub repository - - name: Checkout Push to Registry action - uses: actions/checkout@v4 - - - name: Install packages - run: | - bash .forgejo/install_packages.sh - - - name: Generate tags - id: generate-tags - shell: bash - run: | - # Generate a timestamp for creating an image version history - TIMESTAMP="$(date +%Y%m%d)" - COMMIT_TAGS=() - BUILD_TAGS=() - - # Have tags for tracking builds during pull request - SHA_SHORT="${GITHUB_SHA::7}" - COMMIT_TAGS+=("pr-${{ github.event.number }}") - COMMIT_TAGS+=("${SHA_SHORT}") - - # Append matching timestamp tags to keep a version history - for TAG in "${BUILD_TAGS[@]}"; do - BUILD_TAGS+=("${TAG}-${TIMESTAMP}") - done - - BUILD_TAGS+=("${TIMESTAMP}") - BUILD_TAGS+=("${{ env.FEDORA_MAJOR_VERSION }}") - BUILD_TAGS+=("latest") - - if [[ "${{ github.event_name }}" == "pull_request" ]]; then - echo "Generated the following commit tags: " - for TAG in "${COMMIT_TAGS[@]}"; do - echo "${TAG}" - done - - alias_tags=("${COMMIT_TAGS[@]}") - else - alias_tags=("${BUILD_TAGS[@]}") - fi - - echo "Generated the following build tags: " - for TAG in "${BUILD_TAGS[@]}"; do - echo "${TAG}" - done - - echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT - - # Build metadata - - name: Image Metadata - uses: docker/metadata-action@v5 - id: meta - with: - 
images: | - ${{ env.MY_IMAGE_NAME }} - - labels: | - io.artifacthub.package.readme-url=https://forge.babariviere.com/${{ github.repository }}/README.md - org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }} - org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }} - - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./Containerfile - # Postfix image name with -custom to make it a little more descriptive - # Syntax: https://docs.github.com/en/actions/learn-github-actions/expressions#format - image: ${{ env.MY_IMAGE_NAME }} - build-args: | - FEDORA_MAJOR_VERSION=${{ env.FEDORA_MAJOR_VERSION }} - tags: | - ${{ steps.generate-tags.outputs.alias_tags }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v6 - with: - string: ${{ env.IMAGE_REGISTRY }} - - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Push Image to GHCR - uses: redhat-actions/push-to-registry@v2 - id: push - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} - extra-args: | - --disable-content-trust - - # This section is optional and only needs to be enabled in you plan on distributing - # your project to others to consume. 
You will need to create a public and private key - # using Cosign and save the private key as a repository secret in Github for this workflow - # to consume. For more details, review the image signing section of the README. - - # Sign container - - uses: sigstore/cosign-installer@v3.7.0 - if: github.event_name != 'pull_request' - - - name: Sign container image - if: github.event_name != 'pull_request' - run: | - cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS} - env: - TAGS: ${{ steps.push.outputs.digest }} - COSIGN_EXPERIMENTAL: false - COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}