Skip to content

Commit 4fb8eea

Browse files
Gary-H9Gary-H9
committed
🔧 Formatting
1 parent b9e61ab commit 4fb8eea

File tree

1 file changed

+90
-91
lines changed

1 file changed

+90
-91
lines changed

.github/workflows/release.yml

+90-91
Original file line numberDiff line numberDiff line change
@@ -1,92 +1,91 @@
11
---
2-
name: 🔖 Release
3-
4-
on:
5-
push:
6-
tags:
7-
- "*"
8-
9-
permissions: {}
10-
11-
jobs:
12-
release:
13-
name: Release
14-
runs-on: ubuntu-latest
15-
permissions:
16-
actions: read
17-
attestations: write
18-
contents: write
19-
id-token: write
20-
packages: write
21-
steps:
22-
- name: Checkout
23-
id: checkout
24-
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
25-
26-
- name: Install cosign
27-
id: install_cosign
28-
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
29-
30-
- name: Log in to GitHub Container Registry
31-
id: ghcr_login
32-
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
33-
with:
34-
registry: ghcr.io
35-
username: ${{ github.actor }}
36-
password: ${{ secrets.GITHUB_TOKEN }}
37-
38-
- name: Build and Push
39-
id: build_and_push
40-
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
41-
with:
42-
push: true
43-
tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
44-
45-
- name: Sign
46-
id: sign
47-
shell: bash
48-
run: |
49-
cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
50-
51-
- name: Generate SBOM
52-
id: generate_sbom
53-
uses: anchore/sbom-action@ab9d16d4b419c9d1a02df5213fa0ebe965ca5a57 # v0.17.1
54-
with:
55-
image: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
56-
format: cyclonedx-json
57-
output-file: "sbom.cyclonedx.json"
58-
59-
- name: Attest
60-
uses: actions/attest-build-provenance@310b0a4a3b0b78ef57ecda988ee04b132db73ef8 # v1.4.1
61-
id: attest
62-
with:
63-
subject-name: ghcr.io/${{ github.repository }}
64-
subject-digest: ${{ steps.build_and_push.outputs.digest }}
65-
push-to-registry: true
66-
67-
- name: Attest SBOM
68-
uses: actions/attest-sbom@f19ab44411e02574a74181cec8eb584319d0f779 # v1.4.0
69-
id: attest_sbom
70-
with:
71-
subject-name: ghcr.io/${{ github.repository }}
72-
subject-digest: ${{ steps.build_and_push.outputs.digest }}
73-
sbom-path: sbom.cyclonedx.json
74-
push-to-registry: true
75-
76-
- name: cosign Verify
77-
id: cosign_verify
78-
shell: bash
79-
run: |
80-
cosign verify \
81-
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
82-
--certificate-identity=https://github.com/${{ github.workflow_ref }} \
83-
ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
84-
85-
- name: GitHub Attestation Verify
86-
id: gh_attestation_verify
87-
shell: bash
88-
env:
89-
GH_TOKEN: ${{ github.token }}
90-
run: |
91-
gh attestation verify oci://ghcr.io/${{ github.repository }}:${{ github.ref_name }} --repo ${{ github.repository }}
92-
2+
name: 🔖 Release
3+
4+
on:
5+
push:
6+
tags:
7+
- "*"
8+
9+
permissions: {}
10+
11+
jobs:
12+
release:
13+
name: Release
14+
runs-on: ubuntu-latest
15+
permissions:
16+
actions: read
17+
attestations: write
18+
contents: write
19+
id-token: write
20+
packages: write
21+
steps:
22+
- name: Checkout
23+
id: checkout
24+
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
25+
26+
- name: Install cosign
27+
id: install_cosign
28+
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
29+
30+
- name: Log in to GitHub Container Registry
31+
id: ghcr_login
32+
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
33+
with:
34+
registry: ghcr.io
35+
username: ${{ github.actor }}
36+
password: ${{ secrets.GITHUB_TOKEN }}
37+
38+
- name: Build and Push
39+
id: build_and_push
40+
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
41+
with:
42+
push: true
43+
tags: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
44+
45+
- name: Sign
46+
id: sign
47+
shell: bash
48+
run: |
49+
cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
50+
51+
- name: Generate SBOM
52+
id: generate_sbom
53+
uses: anchore/sbom-action@ab9d16d4b419c9d1a02df5213fa0ebe965ca5a57 # v0.17.1
54+
with:
55+
image: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
56+
format: cyclonedx-json
57+
output-file: "sbom.cyclonedx.json"
58+
59+
- name: Attest
60+
uses: actions/attest-build-provenance@310b0a4a3b0b78ef57ecda988ee04b132db73ef8 # v1.4.1
61+
id: attest
62+
with:
63+
subject-name: ghcr.io/${{ github.repository }}
64+
subject-digest: ${{ steps.build_and_push.outputs.digest }}
65+
push-to-registry: true
66+
67+
- name: Attest SBOM
68+
uses: actions/attest-sbom@f19ab44411e02574a74181cec8eb584319d0f779 # v1.4.0
69+
id: attest_sbom
70+
with:
71+
subject-name: ghcr.io/${{ github.repository }}
72+
subject-digest: ${{ steps.build_and_push.outputs.digest }}
73+
sbom-path: sbom.cyclonedx.json
74+
push-to-registry: true
75+
76+
- name: cosign Verify
77+
id: cosign_verify
78+
shell: bash
79+
run: |
80+
cosign verify \
81+
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
82+
--certificate-identity=https://github.com/${{ github.workflow_ref }} \
83+
ghcr.io/${{ github.repository }}@${{ steps.build_and_push.outputs.digest }}
84+
85+
- name: GitHub Attestation Verify
86+
id: gh_attestation_verify
87+
shell: bash
88+
env:
89+
GH_TOKEN: ${{ github.token }}
90+
run: |
91+
gh attestation verify oci://ghcr.io/${{ github.repository }}:${{ github.ref_name }} --repo ${{ github.repository }}

0 commit comments

Comments
 (0)