Skip to content

Nighly Docker Build #310

Nighly Docker Build

Nighly Docker Build #310

name: Nighly Docker Build
on:
schedule:
- cron: '15 22 * * 1-5' # 22:15 UTC, Monday through Friday
workflow_dispatch:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# We cannot use our production values for nightly Docker builds as that would leak our production secrets.
ALGOLIA_ADMIN_KEY: "123456789"
ALGOLIA_APP_ID: "123456789"
ALGOLIA_SEARCH_KEY: "123456789"
ALGOLIA_INDEX_NAME: "madeup-index"
PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }}
DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }}
DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }}
DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js environment
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
- run: npm ci
- name: Build
run: |
touch .env
make build-ci
- name: Build with cached packs
if: ${{ env.BUILD_EXIT_CODE == '5' }}
uses: ./.github/actions/build-cached-packs
with:
gh-token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5.6.1
with:
images: ghcr.io/${{ github.repository }}:nightly
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
id: build-and-push
with:
context: .
file: ./Dockerfile-offline
# build-args:
platforms: linux/amd64,linux/arm64
push: true
tags: ghcr.io/${{ github.repository }}:nightly
labels: ${{ steps.meta.outputs.labels }}
- uses: sigstore/cosign-installer@v3.7.0
- name: Image Signing
run: |
cosign sign --yes \
-a "repo=${{ github.repository }}" \
-a "workflow=${{ github.workflow }}" \
-a "ref=${{ github.sha }}" \
-a "owner=Spectro Cloud" \
--key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}"
env:
TAGS: ghcr.io/${{ github.repository }}:nightly
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}