CI: Put the cosign pubkey and image-name.txt in the cache

And use this cache to overwrite the values before running the tests.
Alexis Métaireau 2025-04-28 17:24:12 +02:00
parent 7f08b51dbd
commit bcbcf150fc
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
2 changed files with 19 additions and 13 deletions


@ -156,7 +156,7 @@ jobs:
debian_archive_date: ${{ needs.build.outputs.debian_archive_date }}
source_date_epoch: ${{ needs.build.outputs.source_date_epoch }}
image: ${{ needs.build.outputs.image }}
image_uri: ${{ needs.build.output.image }}@${{ steps.image.outputs.digest_root }}"
image_uri: ${{ needs.build.outputs.image }}@${{ steps.image.outputs.digest_root }}
tag: ${{ needs.build.outputs.tag }}
digest_root: ${{ steps.image.outputs.digest_root }}
digest_amd64: ${{ steps.image.outputs.digest_amd64 }}
@ -298,12 +298,6 @@ jobs:
name: Generate keypair
run: |-
cosign generate-key-pair --output-key-prefix="${{ inputs.key_name }}"
- name: Cache keypair
uses: actions/cache@v4
with:
path: "${{ inputs.key_name }}.*"
key: ${{ inputs.key_cache }}
enableCrossOsArchive: true
- name: Login to GHCR
uses: docker/login-action@v3
@ -317,14 +311,15 @@ jobs:
cosign sign -d --yes --key=${{ inputs.key_name }}.key "${{ env.IMAGE_URI }}"
shell: bash
- name: Get the container image from the registry
# It contains the image and the signatures
- name: Prepare cached assets
run: |-
cosign save ${{ env.IMAGE_URI }} --dir dz-container
mkdir share
cd dz-container
tar -cvf ../share/container.tar .
cd ..
mv ${{ inputs.key_name }}.pub share/freedomofpress-dangerzone-pub.key
echo "${{ inputs.registry }}/${{ inputs.image_name }}" > share/image-name.txt
- name: Cache container image
id: cache-container-image
@ -333,11 +328,13 @@ jobs:
key: v6-container-${{ env.IMAGE_URI }}
path: |-
share/container.tar
share/freedomofpress-dangerzone-pub.key
share/image-name.txt
- name: Upload pubkey
uses: actions/upload-artifact@v4
with:
name: pubkey
path: "${{inputs.key_name}}.pub"
path: share/freedomofpress-dangerzone-pub.key
if-no-files-found: error
compression-level: 0
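Review bot: The two lines added to the `Prepare cached assets` step expand `${{ inputs.key_name }}`, `${{ inputs.registry }}` and `${{ inputs.image_name }}` straight into the script text, so the values are substituted before bash parses the script and the quotes around the `echo` argument do not constrain them. Passing them through the step's `env:` and referencing shell variables keeps them as data. The inputs presumably come from the calling workflow, so this is hardening rather than a known exposure. The older `cosign generate-key-pair` and `cosign sign` lines use the same pattern and could follow. The job this step belongs to starts outside the hunk.

```yaml
- name: Prepare cached assets
  env:
    KEY_NAME: ${{ inputs.key_name }}
    REGISTRY: ${{ inputs.registry }}
    IMAGE_NAME: ${{ inputs.image_name }}
  run: |-
    # … unchanged: cosign save, mkdir share, tar of dz-container …
    mv -- "$KEY_NAME.pub" share/freedomofpress-dangerzone-pub.key
    echo "$REGISTRY/$IMAGE_NAME" > share/image-name.txt
```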


@ -209,7 +209,10 @@ jobs:
- name: Restore container image
uses: actions/cache/restore@v4
with:
path: share/container.tar
path: |-
share/container.tar
share/freedomofpress-dangerzone-pub.key
share/image-name.txt
enableCrossOsArchive: true
fail-on-cache-miss: true
key: v6-container-${{ needs.build-container-image.outputs.image_uri }}
@ -315,7 +318,10 @@ jobs:
- name: Restore container image
uses: actions/cache/restore@v4
with:
path: share/container.tar
path: |-
share/container.tar
share/freedomofpress-dangerzone-pub.key
share/image-name.txt
enableCrossOsArchive: true
fail-on-cache-miss: true
key: v6-container-${{ needs.build-container-image.outputs.image_uri }}
@ -411,7 +417,10 @@ jobs:
- name: Restore container image
uses: actions/cache/restore@v4
with:
path: share/container.tar
path: |-
share/container.tar
share/freedomofpress-dangerzone-pub.key
share/image-name.txt
enableCrossOsArchive: true
fail-on-cache-miss: true
key: v6-container-${{ needs.build-container-image.outputs.image_uri }}
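Review bot: The restored `share/freedomofpress-dangerzone-pub.key` comes out of the same cache entry as the `share/container.tar` it is then used to verify. A passing signature check in these jobs therefore shows that the verification path works, not that the image is the one the build job produced. A comment on the first `Restore container image` step would make that explicit, for example `# Test-only: overwrites the checked-in pubkey and image name with the CI-generated ones stored alongside the image in this cache entry.` The same applies to the identical steps in the hunks at `-315,7` and `-411,7`. It would also help to note there that the `path:` list must stay identical to the one on the save step, since actions/cache derives the cache version from it and a mismatch becomes a cache miss.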