|
|
|
|
@ -20,7 +20,7 @@ jobs:
|
|
|
|
|
packages: write # needed for ghcr access
|
|
|
|
|
steps:
|
|
|
|
|
- name: Checkout
|
|
|
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
|
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
|
- name: Unshallow
|
|
|
|
|
run: git fetch --prune --unshallow
|
|
|
|
|
- name: Setup Go
|
|
|
|
|
@ -34,19 +34,19 @@ jobs:
|
|
|
|
|
id: buildx
|
|
|
|
|
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
|
|
|
|
|
- name: Setup Syft
|
|
|
|
|
uses: anchore/sbom-action/download-syft@cee1b8e05ae5b2593a75e197229729eabaa9f8ec # v0.20.2
|
|
|
|
|
uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4
|
|
|
|
|
- name: Setup Cosign
|
|
|
|
|
uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
|
|
|
|
|
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
|
|
|
|
|
- name: Setup Kustomize
|
|
|
|
|
uses: fluxcd/pkg/actions/kustomize@9e79277372c4746ff091eba1f10aee82974ecdaa # main
|
|
|
|
|
- name: Login to GitHub Container Registry
|
|
|
|
|
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
|
|
|
|
|
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
|
|
|
|
|
with:
|
|
|
|
|
registry: ghcr.io
|
|
|
|
|
username: fluxcdbot
|
|
|
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
|
- name: Login to Docker Hub
|
|
|
|
|
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
|
|
|
|
|
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
|
|
|
|
|
with:
|
|
|
|
|
username: fluxcdbot
|
|
|
|
|
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
|
|
|
|
|
@ -99,7 +99,7 @@ jobs:
|
|
|
|
|
id-token: write
|
|
|
|
|
packages: write
|
|
|
|
|
steps:
|
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
|
|
|
- name: Setup Kustomize
|
|
|
|
|
uses: fluxcd/pkg/actions/kustomize@9e79277372c4746ff091eba1f10aee82974ecdaa # main
|
|
|
|
|
- name: Setup Flux CLI
|
|
|
|
|
@ -110,13 +110,13 @@ jobs:
|
|
|
|
|
VERSION=$(flux version --client | awk '{ print $NF }')
|
|
|
|
|
echo "version=${VERSION}" >> $GITHUB_OUTPUT
|
|
|
|
|
- name: Login to GHCR
|
|
|
|
|
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
|
|
|
|
|
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
|
|
|
|
|
with:
|
|
|
|
|
registry: ghcr.io
|
|
|
|
|
username: fluxcdbot
|
|
|
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
|
- name: Login to DockerHub
|
|
|
|
|
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
|
|
|
|
|
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
|
|
|
|
|
with:
|
|
|
|
|
username: fluxcdbot
|
|
|
|
|
password: ${{ secrets.DOCKER_FLUXCD_PASSWORD }}
|
|
|
|
|
@ -144,7 +144,7 @@ jobs:
|
|
|
|
|
--path="./flux-system" \
|
|
|
|
|
--source=${{ github.repositoryUrl }} \
|
|
|
|
|
--revision="${{ github.ref_name }}@sha1:${{ github.sha }}"
|
|
|
|
|
- uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
|
|
|
|
|
- uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
|
|
|
|
|
- name: Sign manifests
|
|
|
|
|
env:
|
|
|
|
|
COSIGN_EXPERIMENTAL: 1
|
|
|
|
|
|
dependabot[bot]
1 week ago
committed by
GitHub