-
Notifications
You must be signed in to change notification settings - Fork 0
44 lines (43 loc) · 1.51 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: Publish package and image to GitHub Packages
on:
release:
types: [created]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'liberica'
- name: Publish package
run: mvn --batch-mode deploy
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build image
run: docker build . --file Dockerfile --platform linux/amd64 --tag "andifalk/supply-chain-security:${GITHUB_REF_NAME}"
- name: Push image
run: docker push "andifalk/supply-chain-security:${GITHUB_REF_NAME}"
# This step calls the container workflow to generate provenance and push it to
# the container registry.
provenance:
needs: [publish]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: "andifalk/supply-chain-security:${GITHUB_REF_NAME}"
registry-username: andifalk
secrets:
registry-password: ${{ secrets.DOCKERHUB_TOKEN }}