chore(docs): explain docker image verification #8
name: ci | |
concurrency: | |
cancel-in-progress: ${{ ! startsWith(github.ref, 'refs/tags/v') }} | |
group: ci-${{ github.ref_name }}-${{ github.event_name }} | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
tags: | |
- v* | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
security-events: write | |
jobs: | |
build-edge: | |
if: | | |
github.event_name == 'push' && | |
github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Build docker | |
uses: meysam81/build-docker@main | |
with: | |
cosign: true | |
dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} | |
dockerhub-password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
image-name: ghcr.io/${{ github.repository }} | |
image-extra-tags: | | |
meysam81/${{ github.event.repository.name }}:${{ github.run_id }} | |
meysam81/${{ github.event.repository.name }}:latest | |
ghcr.io/${{ github.repository }}:${{ github.run_id }} | |
ghcr.io/${{ github.repository }}:latest | |
kubescape: true | |
kubescape-upload-sarif: true | |
build-pr: | |
if: github.event_name == 'pull_request' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Build docker | |
uses: meysam81/build-docker@main | |
with: | |
cosign: true | |
image-name: ghcr.io/${{ github.repository }} | |
kubescape: true | |
scout-comment-pr: true | |
scout-compare: true | |
scout-cves: true | |
release-please: | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
outputs: | |
releases_created: ${{ steps.release-please.outputs.releases_created }} | |
tag_name: ${{ steps.release-please.outputs.tag_name }} | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
- id: release-please | |
name: Release please | |
uses: googleapis/release-please-action@v4 | |
with: | |
release-type: simple | |
build-stable: | |
needs: release-please | |
if: needs.release-please.outputs.releases_created == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Build docker | |
uses: meysam81/build-docker@main | |
with: | |
cosign: true | |
dockerhub-username: ${{ secrets.DOCKERHUB_USERNAME }} | |
dockerhub-password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
image-name: ghcr.io/${{ github.repository }} | |
image-extra-tags: | | |
meysam81/${{ github.event.repository.name }}:${{ needs.release-please.outputs.tag_name }} | |
ghcr.io/${{ github.repository }}:${{ needs.release-please.outputs.tag_name }} | |
build-docs: | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
permissions: | |
attestations: write | |
contents: read | |
id-token: write | |
pages: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.x | |
- name: Cache mkdocs-material | |
uses: actions/cache@v4 | |
with: | |
key: mkdocs-material-${{ hashFiles('requirements.txt') }} | |
path: .cache | |
restore-keys: | | |
mkdocs-material- | |
- name: Install dependencies | |
run: | | |
pip install -U pip -r requirements.txt | |
sudo apt-get install -y libcairo2-dev libfreetype6-dev libffi-dev libjpeg-dev libpng-dev libz-dev pngquant | |
- env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
name: Build the site | |
run: mkdocs build | |
- name: Upload Pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
name: build-${{ github.ref_name }}-${{ github.run_id }} | |
path: site | |
- id: deployment | |
name: Deploy to GitHub Pages | |
uses: actions/deploy-pages@v4 | |
with: | |
artifact_name: build-${{ github.ref_name }}-${{ github.run_id }} |
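Review bot: The `Build docker` steps in `build-edge`, `build-pr` and `build-stable` reference `meysam81/build-docker@main`, a mutable branch, while the action is handed `DOCKERHUB_USERNAME`/`DOCKERHUB_PASSWORD` and runs under the workflow-level `id-token: write` and `packages: write` grants. Any later commit to that branch would therefore run with registry-push and keyless-signing authority, which undercuts the image verification this PR documents. Pin the action to a reviewed commit, e.g. `uses: meysam81/build-docker@<full-commit-sha>  # main` (placeholder; the SHA is not on this page). The top-level `permissions:` block is also inherited by `build-pr`; declaring permissions per job, as `release-please` and `build-docs` already do, would let the pull-request build drop any scopes it does not need. The page shows the workflow without change markers, so which of these lines the PR itself touches cannot be told from here.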