Zarf Application Package Publishing #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Zarf Application Package Publishing | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
workflow_dispatch: | |
jobs: | |
publish-packages: | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
steps: | |
- name: "Checkout Repo" | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
- name: Auth with AWS | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
role-to-assume: ${{ secrets.AWS_KMS_ROLE }} | |
role-session-name: ${{ github.job || github.event.client_payload.pull_request.head.sha || github.sha }} | |
aws-region: us-east-2 | |
role-duration-seconds: 3600 | |
- name: Install The Latest Release Version of Zarf | |
uses: defenseunicorns/setup-zarf@10e539efed02f75ec39eb8823e22a5c795f492ae #v1.0.1 | |
- name: "Login to GHCR" | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: ghcr.io | |
username: dummy | |
password: ${{ github.token }} | |
- name: Build And Publish Application Packages | |
# Create the dos-games package with the cosign signature, publish to ghcr and copy the tags to allow 'uname -m' to work | |
run: | | |
zarf package create -o build -a amd64 examples/dos-games --signing-key=awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} --confirm | |
zarf package create -o build -a arm64 examples/dos-games --signing-key=awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} --confirm | |
# Publish a the signed dos-games package | |
zarf package publish ./build/zarf-package-dos-games-amd64-1.1.0.tar.zst oci://ghcr.io/zarf-dev/packages --key=https://zarf.dev/cosign.pub | |
zarf package publish ./build/zarf-package-dos-games-arm64-1.1.0.tar.zst oci://ghcr.io/zarf-dev/packages --key=https://zarf.dev/cosign.pub | |
# Publish a skeleton of the dos-games package | |
zarf package publish examples/dos-games oci://ghcr.io/zarf-dev/packages |