Reusable Release Workflow #45
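# Release workflow, runnable by hand (workflow_dispatch) or from another
# workflow (workflow_call). It pulls the given container image, attests it to
# Kosli, fetches the trail and runs the local template-complete action on it.
name: Reusable Release Workflow

on:
  workflow_dispatch:
    inputs:
      docker-image:
        description: 'Docker image to use'
        required: true
        default: 'ghcr.io/kosli-dev/templated-workflow:efe3729b'
        type: string
  workflow_call:
    inputs:
      docker-image:
        description: 'Docker image to use'
        required: true
        type: string

# NOTE(review): no `permissions:` block is set, so the job runs with the
# repository's default GITHUB_TOKEN scopes. Consider restricting it to what
# the steps need once the needs of ./template-complete-action are confirmed.
env:
  BUILD_NUMBER: ${{ github.run_number }}
  GIT_REPO: ${{ github.repository }}
  GIT_REPO_URL: ${{ github.event.repository.clone_url }}
  IMAGE: ${{ github.repository_owner }}/${{ github.event.repository.name }}
  BUILD_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
  COMMIT_URL: ${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}
  # Set the Kosli API token as a secret in your repository. When this workflow
  # is used through workflow_call, the caller has to pass the secret on
  # (explicitly or with `secrets: inherit`), otherwise this value is empty.
  KOSLI_API_TOKEN: ${{ secrets.KOSLI_API_KEY }}
  KOSLI_ORG: kosli-public
  KOSLI_FLOW: ${{ github.event.repository.name }}-release
  KOSLI_ARTIFACT_FLOW: ${{ github.event.repository.name }}
  # Use the full Git SHA for the trail
  KOSLI_TRAIL: ${{ github.sha }}

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # inputs.docker-image is caller-supplied. A `${{ }}` expression is
      # substituted into the script text before the shell parses it, so the
      # value is handed over through an environment variable and expanded in
      # double quotes; the shell then treats it as data only.
      - name: echo release
        env:
          DOCKER_IMAGE: ${{ inputs.docker-image }}
        run: echo "Releasing ${DOCKER_IMAGE}"

      # NOTE(review): `@v4` and `@v2` below are mutable tags. Pinning each
      # action to a full commit SHA keeps the executed code fixed.
      - name: Clone down repository
        uses: actions/checkout@v4

      - name: setup-kosli-cli
        uses: kosli-dev/setup-cli-action@v2

      - name: Begin trail
        run: kosli begin trail ${{ github.sha }} --description "build number ${BUILD_NUMBER}"

      # NOTE(review): an image referenced by tag can change between runs;
      # a digest reference (`name@sha256:<digest>`) would fix what is pulled.
      - name: Download container image
        env:
          DOCKER_IMAGE: ${{ inputs.docker-image }}
        run: docker pull "${DOCKER_IMAGE}"

      # COMMIT_URL and BUILD_URL come from the workflow-level env above and
      # are read as quoted shell variables rather than spliced into the script.
      - name: Attest docker image
        env:
          DOCKER_IMAGE: ${{ inputs.docker-image }}
        run: >-
          kosli attest artifact
          --artifact-type=docker
          --commit-url="${COMMIT_URL}"
          --commit=${{ github.sha }}
          "${DOCKER_IMAGE}"
          --build-url="${BUILD_URL}"
          --name=container

      # Overrides the workflow-level IMAGE for this step only.
      # presumably scripts/get-trail.js writes trail.json, which the
      # following steps read; verify against the script.
      - name: Get trail from Kosli
        env:
          IMAGE: ${{ inputs.docker-image }}
        run: node scripts/get-trail.js

      - name: Kosli complete action
        uses: ./template-complete-action
        with:
          json_file_path: trail.json
          status_to_find: MISSING

      # Runs only when an earlier step failed. Kosli documents boolean flags
      # as `--flag=value`; with a space, `false` is read as a separate
      # argument and the attestation is not marked non-compliant.
      - name: Attest failure
        if: ${{ failure() }}
        run: kosli attest generic --name template-complete --attachments=trail.json --compliant=false

      # No `if:` here, so this runs only when every earlier step succeeded.
      - name: Kosli attest template complete
        run: kosli attest generic --name template-complete --attachments=trail.json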