Include SBOM in container image (#16) #16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Helm Chart Release Action | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| release: | |
| types: | |
| - published | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| build: | |
| name: Docker Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Make tag | |
| run: | | |
| [ "${GITHUB_EVENT_NAME}" == 'pull_request' ] && echo "tag=v0.0.0-pull-request.${{ github.event.number }}" >> $GITHUB_ENV || true | |
| [ "${GITHUB_EVENT_NAME}" == 'release' ] && echo "tag=${GITHUB_REF##*/}" >> $GITHUB_ENV || true | |
| [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "tag=v0.0.0-${GITHUB_REF##*/}" >> $GITHUB_ENV || true | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # the replacement can be checked with: | |
| # helm show values oci://ghcr.io/metal-stack/charts/<chart>:<tag> | |
| - name: Patch container image tags in values.yaml | |
| uses: mikefarah/yq@v4 | |
| with: | |
| cmd: yq e -i '.image.tag="${{ steps.meta.outputs.version }}"' charts/${{ github.event.repository.name }}/values.yaml | |
| - name: Release Helm OCI Artifact | |
| uses: appany/[email protected] | |
| with: | |
| name: ${{ github.event.repository.name }} | |
| repository: ${{ github.repository_owner }}/charts | |
| tag: ${{ env.tag }} | |
| path: charts/${{ github.event.repository.name }} | |
| registry: ${{ env.REGISTRY }} | |
| registry_username: ${{ secrets.DOCKER_REGISTRY_USER }} | |
| registry_password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} |