mirror of
https://github.com/mikefarah/yq.git
synced 2026-07-07 06:10:36 +00:00
New workflow for github action
This commit is contained in:
parent
ef507264e1
commit
87a62da881
35
.github/workflows/docker-githubaction.yml
vendored
35
.github/workflows/docker-githubaction.yml
vendored
@ -2,10 +2,6 @@ name: Release Docker GitHub Action
|
|||||||
|
|
||||||
on:
|
on:
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
inputs:
|
|
||||||
image_version:
|
|
||||||
description: 'yq version to tag the github-action image with (e.g. 4.53.3)'
|
|
||||||
required: true
|
|
||||||
|
|
||||||
permissions: {}
|
permissions: {}
|
||||||
|
|
||||||
@ -14,7 +10,6 @@ jobs:
|
|||||||
environment: dockerhub
|
environment: dockerhub
|
||||||
env:
|
env:
|
||||||
IMAGE_NAME: mikefarah/yq
|
IMAGE_NAME: mikefarah/yq
|
||||||
IMAGE_VERSION: ${{ inputs.image_version }}
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
@ -33,6 +28,36 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
version: latest
|
version: latest
|
||||||
|
|
||||||
|
- name: Verify Dockerfile base image digest matches yq:4
|
||||||
|
run: |
|
||||||
|
PINNED_DIGEST=$(grep -oE 'sha256:[a-f0-9]{64}' github-action/Dockerfile | head -1)
|
||||||
|
if [ -z "${PINNED_DIGEST}" ]; then
|
||||||
|
echo "::error::Could not find a sha256 digest in github-action/Dockerfile"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
LATEST_DIGEST=$(docker buildx imagetools inspect "${IMAGE_NAME}:4" --format '{{.Digest}}')
|
||||||
|
|
||||||
|
echo "Dockerfile pins: ${PINNED_DIGEST}"
|
||||||
|
echo "mikefarah/yq:4 is: ${LATEST_DIGEST}"
|
||||||
|
|
||||||
|
if [ "${PINNED_DIGEST}" != "${LATEST_DIGEST}" ]; then
|
||||||
|
echo "::error::github-action/Dockerfile digest does not match the current mikefarah/yq:4 image"
|
||||||
|
echo "Update the FROM line in github-action/Dockerfile to:"
|
||||||
|
echo " FROM mikefarah/yq:4@${LATEST_DIGEST}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Resolve version from yq:4
|
||||||
|
run: |
|
||||||
|
IMAGE_VERSION=$(docker run --rm "${IMAGE_NAME}:4" --version | awk '{print $NF}' | sed 's/^v//')
|
||||||
|
if [ -z "${IMAGE_VERSION}" ]; then
|
||||||
|
echo "::error::Could not determine yq version from ${IMAGE_NAME}:4"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "Resolved yq version: ${IMAGE_VERSION}"
|
||||||
|
echo "IMAGE_VERSION=${IMAGE_VERSION}" >> "${GITHUB_ENV}"
|
||||||
|
|
||||||
- name: Login to Docker Hub
|
- name: Login to Docker Hub
|
||||||
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
|
||||||
with:
|
with:
|
||||||
|
|||||||
@ -8,12 +8,12 @@
|
|||||||
- git push --tags
|
- git push --tags
|
||||||
- use github actions to publish docker and make github release
|
- use github actions to publish docker and make github release
|
||||||
- check github updated yq action in marketplace
|
- check github updated yq action in marketplace
|
||||||
- update github-action/Dockerfile to pin the newly published docker image digest:
|
- update github-action/Dockerfile to pin the newly published docker image digest (must match the mikefarah/yq:4 manifest digest):
|
||||||
skopeo inspect docker://docker.io/mikefarah/yq:4 --override-arch amd64 --override-os linux | python3 -c "import sys,json; d=json.load(sys.stdin); print(d['Digest'])"
|
docker buildx imagetools inspect docker.io/mikefarah/yq:4 --format '{{.Digest}}'
|
||||||
then update the FROM line in github-action/Dockerfile with the new digest:
|
then update the FROM line in github-action/Dockerfile with the new digest:
|
||||||
FROM mikefarah/yq:4@sha256:<new-digest>
|
FROM mikefarah/yq:4@<digest-from-above>
|
||||||
- commit the Dockerfile change, then manually run the "Release Docker GitHub Action" workflow
|
- commit the Dockerfile change, then manually run the "Release Docker GitHub Action" workflow
|
||||||
(Actions -> Release Docker GitHub Action -> Run workflow) with the new version number
|
(Actions -> Release Docker GitHub Action -> Run workflow)
|
||||||
|
|
||||||
// release artifacts are signed with cosign keyless signing (Sigstore)
|
// release artifacts are signed with cosign keyless signing (Sigstore)
|
||||||
// users can verify with:
|
// users can verify with:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user