Commit

Merge pull request #224 from stefanprodan/push-cue-schemas
ci: Publish Timoni's CUE schemas to GHCR
stefanprodan authored Oct 21, 2023
2 parents b73264c + ae6b258 commit 2e8aac8
Showing 3 changed files with 86 additions and 8 deletions.
26 changes: 18 additions & 8 deletions .github/workflows/push.yaml
@@ -1,10 +1,10 @@
name: push
name: push-artifacts

on:
workflow_dispatch:
inputs:
version:
description: 'semver'
description: 'RC version'
required: true

permissions:
Expand All @@ -29,12 +29,22 @@ jobs:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push and Sign
- name: Push minimal module
run: |
timoni mod push ./examples/minimal oci://ghcr.io/stefanprodan/timoni/minimal \
--sign cosign \
--version ${{ github.event.inputs.version }} \
-v ${{ github.event.inputs.version }} --latest \
-a 'org.opencontainers.image.licenses=Apache-2.0' \
-a 'org.opencontainers.image.source=https://github.com/stefanprodan/timoni/tree/main/examples/minimal' \
-a 'org.opencontainers.image.description=A minimal timoni.sh module example.' \
-a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/timoni/blob/main/examples/minimal/README.md'
-a 'org.opencontainers.image.source=https://github.com/stefanprodan/timoni' \
-a 'org.opencontainers.image.description=A minimal timoni.sh module.' \
-a 'org.opencontainers.image.documentation=https://timoni.sh' \
--sign cosign
- name: Push schemas
run: |
timoni artifact push oci://ghcr.io/stefanprodan/timoni/schemas \
-f ./schemas -t ${{ github.event.inputs.version }} -t latest \
-a 'org.opencontainers.image.licenses=Apache-2.0' \
-a 'org.opencontainers.image.source=https://github.com/stefanprodan/timoni' \
-a 'org.opencontainers.image.description=Timoni CUE schemas.' \
-a 'org.opencontainers.image.documentation=https://timoni.sh' \
--content-type="cue.mod/pkg" \
--sign cosign
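Review bot: In both `run:` steps, `${{ github.event.inputs.version }}` is expanded into the script text before the shell runs, so the dispatch input is parsed as shell syntax rather than passed as data. Map it to a step-level environment variable (`env: VERSION: ${{ github.event.inputs.version }}`) and use `-v "$VERSION"` and `-t "$VERSION"` instead. Also, the input is now described as 'RC version' while these steps add `--latest` and `-t latest`, so a release-candidate push moves the same `latest` tags that the new schemas README tells users to pull; consider dropping the latest tags from this workflow or gating them on a non-RC version.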
45 changes: 45 additions & 0 deletions .github/workflows/release.yaml
Expand Up @@ -55,6 +55,51 @@ jobs:
echo "hashes=$hashes" >> $GITHUB_OUTPUT
echo "version=${GITHUB_REF_NAME#v}" >> $GITHUB_OUTPUT
publish-artifacts:
needs: [goreleaser]
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
- name: Checkout
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
- name: Setup Cosign
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- name: Setup Timoni
uses: ./actions/setup
- name: Login to GHCR
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Version info
id: info
run: |
VERSION=$(timoni -v | awk '{ print $NF }')
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Push minimal module
run: |
timoni mod push ./examples/minimal oci://ghcr.io/stefanprodan/timoni/minimal \
-v ${{ steps.info.outputs.version }} --latest \
-a 'org.opencontainers.image.licenses=Apache-2.0' \
-a 'org.opencontainers.image.source=https://github.com/stefanprodan/timoni' \
-a 'org.opencontainers.image.description=A minimal timoni.sh module.' \
-a 'org.opencontainers.image.documentation=https://timoni.sh' \
--sign cosign
- name: Push schemas
run: |
timoni artifact push oci://ghcr.io/stefanprodan/timoni/schemas \
-f ./schemas -t ${{ steps.info.outputs.version }} -t latest \
-a 'org.opencontainers.image.licenses=Apache-2.0' \
-a 'org.opencontainers.image.source=https://github.com/stefanprodan/timoni' \
-a 'org.opencontainers.image.description=Timoni CUE schemas.' \
-a 'org.opencontainers.image.documentation=https://timoni.sh' \
--content-type="cue.mod/pkg" \
--sign cosign
provenance:
needs: [goreleaser]
permissions:
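Review bot: In the `Version info` step, `VERSION=$(timoni -v | awk '{ print $NF }')` tags the artifacts with whatever version the binary installed by `./actions/setup` reports, not with the ref being released. The context lines just above already compute `version=${GITHUB_REF_NAME#v}`; deriving the tag from `GITHUB_REF_NAME` here as well (or consuming that value as a job output, if it is exported) keeps the module and schema tags tied to the release tag and avoids publishing under a wrong version if the setup action installs a different build. The two push steps are also copies of the ones in push.yaml, so a shared script or composite action would keep their flags and annotations from drifting apart.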
23 changes: 23 additions & 0 deletions schemas/README.md
@@ -0,0 +1,23 @@
# Timoni CUE Schemas

The Timoni's CUE schemas are included in the modules generated with `timoni mod init`.

## Vendoring

To update a module's schemas to the latest version,
run the following command from within the module root:

```shell
timoni artifact pull oci://ghcr.io/stefanprodan/timoni/schemas:latest \
--output cue.mod/pkg
```

To update the schemas and verify the signature with Cosign v2:

```shell
timoni artifact pull oci://ghcr.io/stefanprodan/timoni/schemas:latest \
--verify=cosign \
--certificate-identity-regexp="^https://github.com/stefanprodan/timoni.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com \
--output cue.mod/pkg
```
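Review bot: The `--certificate-identity-regexp="^https://github.com/stefanprodan/timoni.*$"` in the verify example is looser than it reads: the dots are unescaped and `timoni.*` has no path separator after the repository name, so it also accepts signing identities from any repository under that owner whose name merely starts with `timoni`. Suggest `^https://github\.com/stefanprodan/timoni/.*$`, or pinning the pattern to the release workflow path. It would also help to show the verified pull first, since the unverified `:latest` pull is the one readers will copy. Minor: "The Timoni's CUE schemas" should read "Timoni's CUE schemas".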
