Skip to content

Nightly Build

Nightly Build #201

name: "Nightly Build"
on:
schedule:
- cron: "0 0 * * *"
jobs:
nightly:
if: (github.event_name == 'schedule' && github.repository == 'opentdf/platform')
name: Nightly Container Build
runs-on: ubuntu-22.04
permissions:
id-token: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: "Authenticate to Google Cloud (Push to Public registry)"
id: "gcp-auth"
uses: google-github-actions/auth@62cf5bd3e4211a0a0b51f2c6d6a37129d828611d
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
token_format: "access_token"
create_credentials_file: false
- name: Install Cosign
uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
- name: 'Docker login to Artifact Registry'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: us-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.gcp-auth.outputs.access_token }}
- id: docker_meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
with:
images: ${{ secrets.DOCKER_REPO }}
tags: |
type=schedule,pattern=nightly
type=sha,format=short,prefix=nightly-
- name: Build and Push container images
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
id: build-and-push
with:
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
- name: Sign the images with GitHub OIDC Token
env:
DIGEST: ${{ steps.build-and-push.outputs.digest }}
TAGS: ${{ steps.docker_meta.outputs.tags }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes --recursive ${images}