almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-29 10:12:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

CI: Get and cache the signed container image

Browse source
This commit is contained in:
Alexis Métaireau 2025-04-25 17:50:32 +02:00
parent b78f30527c
commit b77583b95a
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
2 changed files with 32 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.github/workflows/build-push-image.yml vendored
View file

@ -271,6 +271,7 @@ jobs:
env: env:
COSIGN_PASSWORD: "password" COSIGN_PASSWORD: "password"
COSIGN_YES: true COSIGN_YES: true
IMAGE_URI: ${{ needs.merge.outputs.image_uri }}
needs: needs:
- merge - merge
# outputs: add signature location ? # outputs: add signature location ?
@ -300,6 +301,22 @@ jobs:
- name: Sign container - name: Sign container
run: |- run: |-
export IMAGE_URI="${{ needs.merge.image_uri }}" export IMAGE_URI="${{ needs.merge.outputs.image_uri }}"
cosign sign --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI" cosign sign --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI"
shell: bash shell: bash
- name: Get the container image from the registry
# It contains the image and the signatures
run: |-
cosign save ${{ needs.merge.outputs.image_uri }} --dir tmp
cd tmp
tar -cvf ../share/container.tar
cd ..
- name: Cache container image
id: cache-container-image
uses: actions/cache@v4
with:
key: v6-container-${{ needs.merge.outputs.image_uri }}
path: |-
share/container.tar

29
.github/workflows/ci.yml vendored
View file

@ -205,17 +205,14 @@ jobs:
id: date id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Install Cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
cosign-release: 'v2.5.0'
- name: Get the container image from the registry - name: Restore container image
run: |- uses: actions/cache/restore@v4
cosign save ${{ needs.build-container-image.outputs.image_uri }} --dir tmp with:
cd tmp path: share/container.tar
tar -cvf ../share/container.tar enableCrossOsArchive: true
cd .. fail-on-cache-miss: true
key: v6-container-${{ needs.build-container-image.outputs.image_uri }}
- name: Build Dangerzone .deb - name: Build Dangerzone .deb
run: | run: |
@ -318,10 +315,10 @@ jobs:
- name: Restore container image - name: Restore container image
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4
with: with:
key: v5-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container_helpers/*', 'install/common/build-image.py') }} path: share/container.tar
path: |- enableCrossOsArchive: true
share/container.tar
fail-on-cache-miss: true fail-on-cache-miss: true
key: v6-container-${{ needs.build-container-image.outputs.image_uri }}
- name: Build Dangerzone .rpm - name: Build Dangerzone .rpm
run: | run: |
@ -414,10 +411,10 @@ jobs:
- name: Restore container image - name: Restore container image
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4
with: with:
key: v5-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container_helpers/*', 'install/common/build-image.py') }} path: share/container.tar
path: |- enableCrossOsArchive: true
share/container.tar
fail-on-cache-miss: true fail-on-cache-miss: true
key: v6-container-${{ needs.build-container-image.outputs.image_uri }}
- name: Restore cached tessdata - name: Restore cached tessdata
uses: actions/cache/restore@v4 uses: actions/cache/restore@v4