
GHA/build_master*: drop branch name from checkout, it is the default … #1068


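# Builds the curl "dev" container images (debian + fedora) from curl master,
# runs their tests and a vulnerability scan, pushes them to ghcr.io, signs
# them with the project's long-lived cosign key and verifies the signature
# with the public key committed to this repository (cosign.pub).
#
# Triggered daily (02:30 UTC) and on every push to main. Scheduled runs are
# restricted to the upstream 'curl' owner below; forks still run on push.
name: build_dev_master_images
'on':
  schedule:
    - cron: '30 2 * * *'
  push:
    branches:
      - main

# One run per workflow+commit; a newer run for the same sha cancels an older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.sha }}
  cancel-in-progress: true

# Default-deny: the GITHUB_TOKEN gets no permissions unless a job asks for them.
permissions: {}

jobs:
  build_dev_master:
    if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }}
    name: 'build_dev_master'
    runs-on: 'ubuntu-latest'
    # Only packages:write is granted (needed to push to ghcr.io). Nothing else
    # is added, so the checkout below runs with no 'contents' permission —
    # NOTE(review): this relies on the repository being public; a private
    # fork would need `contents: read` here.
    permissions:
      packages: write # To create/update container on ghcr.io
    steps:
      - name: 'install dev deps'
        run: |
          # Drop third-party apt sources shipped on the runner image before
          # updating (presumably to keep 'apt-get update' from failing on
          # unrelated repos — confirm if the list needs maintenance).
          sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources}
          sudo apt-get -o Dpkg::Use-Pty=0 update
          sudo apt-get -o Dpkg::Use-Pty=0 install \
            qemu-user-static buildah less git make podman clamav clamav-freshclam
      # NOTE(review): cosign/grype/trivy are installed unpinned from brew, so
      # the signing and scanning toolchain is whatever brew serves on the day
      # of the run. Pinning (or verifying) the cosign release would tighten
      # the supply chain of the image signatures produced below.
      - name: 'install prereqs'
        run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy
      - name: 'versions'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          podman --version; docker --version; cosign version
      # Pinned to a commit sha; persist-credentials=false keeps the GITHUB_TOKEN
      # out of .git/config so later steps cannot pick it up from the checkout.
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false

      # ---- dev-debian: build -> test -> scan -> push -> sign -> verify ----
      - name: 'build image: dev-debian'
        run: buildah unshare make branch_or_ref=master release_tag=master build_debian
      - name: 'test image: dev-debian'
        run: buildah unshare make dist_name=localhost/curl-dev-debian release_tag=master test
      # A failing scan fails the job here, before any registry login or push,
      # so a flagged image is never published.
      - name: 'security scan image: dev-debian'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          make image_name=localhost/curl-dev-debian:master scan
      # Token is passed on stdin (not argv) so it does not show up in process
      # listings. Both podman (used for the push) and docker (config read by
      # cosign for registry auth) are logged in.
      - name: 'login (ghcr.io)'
        env:
          REGISTRY_USER: '${{ github.repository_owner }}'
          REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
        run: |
          echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin ghcr.io/"${GITHUB_REPOSITORY_OWNER}"
          echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin ghcr.io/"${GITHUB_REPOSITORY_OWNER}"
      - name: 'push images: dev-debian (ghcr.io)'
        run: buildah push localhost/curl-dev-debian:master docker://ghcr.io/"${GITHUB_REPOSITORY}"/curl-dev-debian:master
      # The private key is fed to cosign via /dev/stdin so it is never written
      # to the runner's filesystem; -y skips cosign's interactive confirmation.
      - name: 'sign images with sigstore key: dev-debian (ghcr.io)'
        env:
          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
          COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/"${GITHUB_REPOSITORY}"/curl-dev-debian:master
      # Round-trip check against the public key committed in the repo.
      - name: 'verify images with public key: dev-debian (ghcr.io)'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          cosign verify --key cosign.pub ghcr.io/"${GITHUB_REPOSITORY}"/curl-dev-debian:master

      # ---- dev-fedora: same pipeline ----
      - name: 'build image: dev-fedora'
        run: buildah unshare make branch_or_ref=master release_tag=master build_fedora
      - name: 'test image: dev-fedora'
        run: buildah unshare make dist_name=localhost/curl-dev-fedora release_tag=master test
      - name: 'security scan image: dev-fedora'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          make image_name=localhost/curl-dev-fedora:master scan
      - name: 'push images: dev-fedora (ghcr.io)'
        run: buildah push localhost/curl-dev-fedora:master docker://ghcr.io/"${GITHUB_REPOSITORY}"/curl-dev-fedora:master
      - name: 'sign images with sigstore key: dev-fedora (ghcr.io)'
        env:
          COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}'
          COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/"${GITHUB_REPOSITORY}"/curl-dev-fedora:master
      # Registry credentials are dropped as soon as the last push/sign is done.
      - name: 'logout (ghcr.io)'
        run: |
          podman logout ghcr.io/"${GITHUB_REPOSITORY_OWNER}"
          docker logout ghcr.io/"${GITHUB_REPOSITORY_OWNER}"
      # Runs after logout, i.e. unauthenticated — assumes the published package
      # is publicly readable (verify if package visibility ever changes).
      - name: 'verify images with public key: dev-fedora (ghcr.io)'
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          cosign verify --key cosign.pub ghcr.io/"${GITHUB_REPOSITORY}"/curl-dev-fedora:master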