This repository has been archived by the owner on May 13, 2024. It is now read-only.

chore(deps): use v0.2.3 of container-scanning-action (#1065) #447

Workflow file for this run

.github/workflows/release.yaml at 2969f69

	---
	name: Release

	on:
	push:
	branches: [main]

	jobs:
	semrel:
	name: Semantic Release
	runs-on: ubuntu-latest
	permissions:
	actions: none
	checks: none
	contents: none
	deployments: none
	issues: none
	packages: write
	pull-requests: none
	repository-projects: none
	security-events: write # needed to write sarif to security tab
	statuses: none
	id-token: write # needed for signing the images with GitHub OIDC using cosign
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Semantic Release
	uses: go-semantic-release/action@v1
	id: semrel
	with:
	github-token: ${{ secrets.ADFINISBOT_PAT }}

	- name: Bump Version
	if: steps.semrel.outputs.version != ''
	run: \|
	pipx run poetry version "${{ steps.semrel.outputs.version }}"

	- name: Docker meta
	id: meta
	if: steps.semrel.outputs.version != ''
	uses: docker/metadata-action@v5
	with:
	images: ghcr.io/adfinis/timed-backend
	flavor: \|
	latest=auto
	tags: \|
	type=semver,pattern={{version}},value=${{ steps.semrel.outputs.version }}
	type=semver,pattern={{major}}.{{minor}},value=${{ steps.semrel.outputs.version }}
	type=semver,pattern={{major}},value=${{ steps.semrel.outputs.version }}
	labels: \|
	org.opencontainers.image.title=${{ github.event.repository.name }}
	org.opencontainers.image.description=${{ github.event.repository.description }}
	org.opencontainers.image.url=${{ github.event.repository.html_url }}
	org.opencontainers.image.source=${{ github.event.repository.clone_url }}
	org.opencontainers.image.revision=${{ github.sha }}
	org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}

	- name: Login to GHCR
	if: steps.semrel.outputs.version != ''
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.repository_owner }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Build and push
	if: steps.semrel.outputs.version != ''
	id: docker
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./Dockerfile
	push: true
	tags: ${{ steps.meta.outputs.tags }}
	labels: \|
	${{ steps.meta.outputs.labels }}

	- name: Sign image and attach SBOM attestation
	uses: adfinis/[email protected]
	if: steps.semrel.outputs.version != ''
	with:
	image-ref: ghcr.io/adfinis/timed-backend
	token: ${{ secrets.GITHUB_TOKEN }}
	digest: ${{ steps.docker.outputs.digest }}
	attest: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): use v0.2.3 of container-scanning-action (#1065) #447

Workflow file

chore(deps): use v0.2.3 of container-scanning-action (#1065) #447

Jobs

Run details

Workflow file for this run