Skip to content

Nightly Build

Nightly Build #16

name: "Nightly Build"
on:
schedule:
- cron: "0 0 * * *"
jobs:
nightly:
if: (github.event_name == 'schedule' && github.repository == 'opentdf/platform')
name: Nightly Container Build
runs-on: ubuntu-22.04
permissions:
id-token: write
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: "Authenticate to Google Cloud (Push to Public registry)"
id: "gcp-auth"
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
token_format: "access_token"
create_credentials_file: false
- name: Install Cosign
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20
- name: Set up QEMU
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb
- name: 'Docker login to Artifact Registry'
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20
with:
registry: us-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.gcp-auth.outputs.access_token }}
- id: docker_meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81
with:
images: ${{ secrets.DOCKER_REPO }}
tags: |
type=schedule,pattern=nightly
type=sha,format=short,prefix=nightly-
- name: Build and Push container images
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0
id: build-and-push
with:
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
- name: Sign the images with GitHub OIDC Token
env:
DIGEST: ${{ steps.build-and-push.outputs.digest }}
TAGS: ${{ steps.docker_meta.outputs.tags }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes --recursive ${images}