11name : Release
22
33on :
4- release :
5- types :
6- - released
7- workflow_dispatch :
8- inputs :
9- tag_name :
10- description : " Tag to release"
11- required : true
4+ push :
5+ # release:
6+ # types:
7+ # - released
8+ # workflow_dispatch:
9+ # inputs:
10+ # tag_name:
11+ # description: "Tag to release"
12+ # required: true
1213
1314permissions :
1415 contents : read
1516
1617jobs :
1718 image :
1819 runs-on : ubuntu-24.04
19- name : Release Actions
20+ name : Build release image
2021 permissions :
2122 contents : read
2223 packages : write
23- env :
24- GITHUB_TOKEN : ${{ secrets.RELEASE_GITHUB_TOKEN }}
24+ id-token : write
25+ attestations : write
26+ environment :
27+ name : dockerhub
28+ url : https://hub.docker.com/r/danielflook/terraform-github-actions-dev/tags?name="test"
29+ outputs :
30+ digest : ${{ steps.image_build.outputs.digest }}
2531 steps :
2632 - name : Checkout
2733 uses : actions/checkout@v4
@@ -47,26 +53,59 @@ jobs:
4753 - name : Build action image
4854 id : image_build
4955 env :
50- RELEASE_TAG : " ${{ github.event.release.tag_name }}${{ github.event.inputs.tag_name }} "
56+ RELEASE_TAG : " test "
5157 run : |
5258 docker buildx build \
5359 --build-arg FETCH_CHECKSUMS=yes \
5460 --build-arg VERSION="${RELEASE_TAG:1}" \
55- --tag "danielflook/terraform-github-actions:$RELEASE_TAG" \
56- --tag "ghcr.io/dflook/terraform-github-actions:$RELEASE_TAG" \
61+ --tag "danielflook/terraform-github-actions-dev :$RELEASE_TAG" \
62+ --tag "ghcr.io/dflook/terraform-github-actions-dev :$RELEASE_TAG" \
5763 --platform linux/amd64,linux/arm64 \
5864 --attest type=provenance,mode=max,builder-id=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID \
65+ --annotation "index,manifest:org.opencontainers.image.created=$(date '+%Y-%m-%dT%H:%M:%S%z')" \
66+ --annotation "index,manifest:org.opencontainers.image.source=https://github.com/${{ github.repository }}" \
67+ --annotation "index,manifest:org.opencontainers.image.revision=${{ github.sha }}" \
68+ --annotation "index,manifest:org.opencontainers.image.version=$RELEASE_TAG" \
69+ --annotation "index,manifest:org.opencontainers.image.title=terraform-github-actions" \
70+ --annotation "index,manifest:org.opencontainers.image.description=GitHub actions for terraform" \
71+ --annotation "index:org.opencontainers.image.ref.name=docker.io/danielflook/terraform-github-actions-dev:$RELEASE_TAG" \
72+ --annotation "index,manifest:builder-id=$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \
73+ --annotation "index,manifest:ref.tag=$RELEASE_TAG" \
74+ --annotation "index,manifest:org.opencontainers.image.base.name=docker.io/danielflook/terraform-github-actions-base" \
5975 --push \
6076 --iidfile manifest-list-digest.txt \
6177 image
6278
6379 echo "digest=$(<manifest-list-digest.txt)" >> "$GITHUB_OUTPUT"
6480
81+ - name : Dockerhub ref attestation
82+ uses : actions/attest-build-provenance@v2
83+ with :
84+ subject-name : index.docker.io/danielflook/terraform-github-actions-dev
85+ subject-digest : ${{ steps.image_build.outputs.digest }}
86+
87+ - name : GHCR ref attestation
88+ uses : actions/attest-build-provenance@v2
89+ with :
90+ subject-name : ghcr.io/dflook/terraform-github-actions-dev
91+ subject-digest : ${{ steps.image_build.outputs.digest }}
92+
93+ actions :
94+ runs-on : ubuntu-24.04
95+ name : Release Actions
96+ needs :
97+ - image
98+ environment :
99+ name : release
100+ url : https://github.com/dflook/terraform-github-actions/releases/tag/${{ github.event.release.tag_name }}${{ github.event.inputs.tag_name }}"
101+ steps :
65102 - name : Release actions
66103 env :
104+ GITHUB_TOKEN : ${{ secrets.RELEASE_GITHUB_TOKEN }}
67105 RELEASE_TAG : " ${{ github.event.release.tag_name }}${{ github.event.inputs.tag_name }}"
68- IMAGE_DIGEST : ${{ steps.image_build .outputs.digest }}
106+ IMAGE_DIGEST : ${{ needs.image .outputs.digest }}
69107 run : |
108+ exit 0
70109 export major=$(echo "$RELEASE_TAG" | cut -d. -f1)
71110 export minor=$(echo "$RELEASE_TAG" | cut -d. -f2)
72111
@@ -80,14 +119,14 @@ jobs:
80119 cp "$GITHUB_WORKSPACE/.github/FUNDING.yml" "$HOME/$action/.github/FUNDING.yml"
81120 }
82121
83- for action in $(cd "$GITHUB_WORKSPACE" && find . -name action.yaml -printf "%h\n" | sed 's/^.\///'); do
122+ for action in $(cd "$GITHUB_WORKSPACE" && find . -name action.yml -printf "%h\n" | sed 's/^.\///'); do
84123
85124 if git clone "https://dflook:$GITHUB_TOKEN@github.com/dflook/$action.git" "$HOME/$action"; then
86125 echo "Releasing dflook/$action@$RELEASE_TAG"
87126
88127 # git tags that use DockerHub for the image
89128 prepare_release
90- sed -i "s| image:.*| image: docker://danielflook/terraform-github-actions@$IMAGE_DIGEST|" "$HOME/$action/action.yaml"
129+ sed -i "s| image:.*| image: docker://danielflook/terraform-github-actions-dev @$IMAGE_DIGEST|" "$HOME/$action/action.yaml"
91130
92131 git -C "$HOME/$action" add -A
93132 git -C "$HOME/$action" commit -m "$RELEASE_TAG"
@@ -100,7 +139,7 @@ jobs:
100139 # git tags that use GitHub Container Registry for the image
101140 git -C "$HOME/$action" checkout ghcr || git -C "$HOME/$action" checkout -b ghcr
102141 prepare_release
103- sed -i "s| image:.*| image: docker://ghcr.io/dflook/terraform-github-actions@$IMAGE_DIGEST|" "$HOME/$action/action.yaml"
142+ sed -i "s| image:.*| image: docker://ghcr.io/dflook/terraform-github-actions-dev @$IMAGE_DIGEST|" "$HOME/$action/action.yaml"
104143
105144 git -C "$HOME/$action" add -A
106145 git -C "$HOME/$action" commit -m "$RELEASE_TAG-ghcr"
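Review bot: The two new attestation steps ("Dockerhub ref attestation" and "GHCR ref attestation") reference `actions/attest-build-provenance@v2` by a mutable tag, inside the `image` job that this same change grants `id-token: write` and `attestations: write`. Any code that tag resolves to at run time executes with the job's OIDC identity and can sign provenance for the pushed digest, so a moved tag would undermine the attestations being introduced here. Pin both steps to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/attest-build-provenance@<full-commit-sha>  # v2`, where the placeholder is the SHA of the release you have reviewed. The exposure is wider while the trigger is a bare `push:` with no branch filter, because the job then runs with these permissions, plus `packages: write`, on every push.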