|
|
|
@ -144,7 +144,7 @@ jobs: |
|
|
|
draft: false |
|
|
|
draft: false |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
release-version: |
|
|
|
release-s3: |
|
|
|
name: Upload version.json |
|
|
|
name: Upload version.json |
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
needs: |
|
|
|
needs: |
|
|
|
@ -183,8 +183,8 @@ jobs: |
|
|
|
--quiet |
|
|
|
--quiet |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
tag-docker-latest: |
|
|
|
tag-push-latest-images: |
|
|
|
name: Tag ${{ matrix.project_name }} image with release version and latest |
|
|
|
name: Tag and push ${{ matrix.project_name }} image with release version and latest |
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
runs-on: ubuntu-24.04 |
|
|
|
needs: |
|
|
|
needs: |
|
|
|
- setup |
|
|
|
- setup |
|
|
|
@ -254,7 +254,7 @@ jobs: |
|
|
|
registry: ghcr.io |
|
|
|
registry: ghcr.io |
|
|
|
username: ${{ github.actor }} |
|
|
|
username: ${{ github.actor }} |
|
|
|
password: ${{ secrets.GITHUB_TOKEN }} |
|
|
|
password: ${{ secrets.GITHUB_TOKEN }} |
|
|
|
|
|
|
|
|
|
|
|
- name: Pull versioned image |
|
|
|
- name: Pull versioned image |
|
|
|
run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG |
|
|
|
run: docker pull $_AZ_REGISTRY/$_PROJECT_NAME:$_RELEASE_TAG |
|
|
|
|
|
|
|
|
|
|
|
@ -316,6 +316,9 @@ jobs: |
|
|
|
username: ${{ github.actor }} |
|
|
|
username: ${{ github.actor }} |
|
|
|
password: ${{ secrets.GITHUB_TOKEN }} |
|
|
|
password: ${{ secrets.GITHUB_TOKEN }} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: Install Cosign |
|
|
|
|
|
|
|
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1 |
|
|
|
|
|
|
|
|
|
|
|
- name: Push version and latest image |
|
|
|
- name: Push version and latest image |
|
|
|
if: ${{ inputs.release_type != 'Dry Run' }} |
|
|
|
if: ${{ inputs.release_type != 'Dry Run' }} |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
@ -324,12 +327,12 @@ jobs: |
|
|
|
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:$_RELEASE_VERSION |
|
|
|
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:$_RELEASE_VERSION |
|
|
|
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:beta # TODO: Delete after GA |
|
|
|
skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:beta # TODO: Delete after GA |
|
|
|
# skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:latest # TODO: uncomment after GA |
|
|
|
# skopeo copy --all docker://$_AZ_REGISTRY/self-host:beta docker://ghcr.io/bitwarden/self-host:latest # TODO: uncomment after GA |
|
|
|
|
|
|
|
|
|
|
|
- name: Sign image with Cosign |
|
|
|
- name: Sign image with Cosign |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
cosign sign --yes ghcr.io/bitwarden/self-host:$_RELEASE_TAG |
|
|
|
cosign sign --yes ghcr.io/bitwarden/self-host:$_RELEASE_TAG |
|
|
|
cosign sign --yes ghcr.io/bitwarden/self-host:latest |
|
|
|
cosign sign --yes ghcr.io/bitwarden/self-host:latest |
|
|
|
|
|
|
|
|
|
|
|
- name: Verify the signed image with Cosign |
|
|
|
- name: Verify the signed image with Cosign |
|
|
|
run: | |
|
|
|
run: | |
|
|
|
cosign verify \ |
|
|
|
cosign verify \ |
|
|
|
@ -384,6 +387,8 @@ jobs: |
|
|
|
needs: |
|
|
|
needs: |
|
|
|
- setup |
|
|
|
- setup |
|
|
|
- release |
|
|
|
- release |
|
|
|
|
|
|
|
- tag-push-latest-images |
|
|
|
|
|
|
|
- release-unified |
|
|
|
steps: |
|
|
|
steps: |
|
|
|
- name: Generate GH App token |
|
|
|
- name: Generate GH App token |
|
|
|
uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 |
|
|
|
uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1 |
|
|
|
|
Opeyemi
9 months ago
committed by
GitHub