Skip to content
Build all

Should use date for cache key #24

Sign in to view logs

Should use date for cache key

Should use date for cache key #24

Workflow file for this run

.github/workflows/build_all.yml at e11d311
name: Build all
on:
workflow_dispatch:
push:
branches:
- main
paths-ignore:
- '**/README.md'
schedule:
# Every Saturday at 2AM UTC
- cron: "0 2 * * 6"
env:
DNF_CACHE_PATH: /var/cache/libdnf5
HOST_DNF_CACHE_PATH: /tmp/libdnf5
jobs:
build-and-push:
runs-on: ubuntu-24.04
permissions:
contents: read
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token
attestations: write
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Mkdir for DNF Cache
run: mkdir -p ${{ env.HOST_DNF_CACHE_PATH }}
- name: Restore DNF Cache
uses: actions/cache/restore@v4
with:
path: ${{ env.HOST_DNF_CACHE_PATH }}
key: dnf-cache
- name: Install Cosign
uses: sigstore/cosign-installer@v3.7.0
- name: Extract metadata for Docker (main)
id: meta-main
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}
flavor: |
latest=true
tags: |
type=raw,value={{date 'YYYYMMDD'}}
- name: Extract metadata for Docker (minimal)
id: meta-minimal
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}-minimal
flavor: |
latest=true
tags: |
type=raw,value={{date 'YYYYMMDD'}}
- name: Log in to ghcr.io
uses: redhat-actions/podman-login@v1
with:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
- name: Buildah Action (main)
id: build-image-main
uses: redhat-actions/buildah-build@v2
with:
context: fe
containerfiles: fe/Dockerfile
tags: ${{ steps.meta-main.outputs.tags }}
oci: true
extra-args: |
--squash
-v ${{ env.HOST_DNF_CACHE_PATH }}:${{ env.DNF_CACHE_PATH }}
- name: Buildah Action (minimal)
id: build-image-minimal
uses: redhat-actions/buildah-build@v2
with:
context: minimal
containerfiles: minimal/Dockerfile
tags: ${{ steps.meta-minimal.outputs.tags }}
oci: true
extra-args: |
--squash
-v ${{ env.HOST_DNF_CACHE_PATH }}:${{ env.DNF_CACHE_PATH }}
- name: Get Date
id: get-date
shell: bash
run: |
echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
- name: Save DNF Cache
uses: actions/cache/save@v4
with:
path: ${{ env.HOST_DNF_CACHE_PATH }}
key: dnf-cache-${{ steps.get-date.outputs.date }}
- name: Push (main)
id: push-main
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image-main.outputs.image }}
tags: ${{ steps.build-image-main.outputs.tags }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
extra-args: |
--compression-format=zstd
- name: Push (minimal)
id: push-minimal
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image-minimal.outputs.image }}
tags: ${{ steps.build-image-minimal.outputs.tags }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
extra-args: |
--compression-format=zstd
- name: Sign the images with GitHub OIDC Token (main)
env:
DIGEST: ${{ steps.push-main.outputs.digest }}
TAGS: ${{ steps.meta-main.outputs.tags }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}
- name: Sign the images with GitHub OIDC Token (minimal)
env:
DIGEST: ${{ steps.push-minimal.outputs.digest }}
TAGS: ${{ steps.meta-minimal.outputs.tags }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}
- name: Attest (main)
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push-main.outputs.digest }}
push-to-registry: true
- name: Attest (minimal)
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository }}-minimal
subject-digest: ${{ steps.push-minimal.outputs.digest }}
push-to-registry: true