From 5f4e977e0528e1bd579a7f0c2d825cdbe0de55ac Mon Sep 17 00:00:00 2001
From: Jeff
Date: Thu, 18 Jul 2024 07:06:56 -0400
Subject: [PATCH] Merge rust and docker workflows
---
.gitea/workflows/publish.yaml | 68 ++++++++++++++---------------------
.gitea/workflows/rust.yaml | 32 -----------------
2 files changed, 27 insertions(+), 73 deletions(-)
delete mode 100644 .gitea/workflows/rust.yaml
diff --git a/.gitea/workflows/publish.yaml b/.gitea/workflows/publish.yaml
index 907756f..256b77d 100644
--- a/.gitea/workflows/publish.yaml
+++ b/.gitea/workflows/publish.yaml
@@ -1,45 +1,46 @@ name: Docker -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - on: push: - branches: [ "main" ] + branches: + - dev + - main pull_request: - branches: [ "main" ] - + branches: + - dev + - main env: - # Use docker.io for Docker Hub if empty REGISTRY: git.jeffa.io - # github.repository as / IMAGE_NAME: ${{ gitea.repository }} - jobs: - build: - + rust: runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Set up Rust + uses: actions-rs/toolchain@v1 + + - name: Run cargo clippy + run: cargo clippy -- -D warnings + + - name: Check for errors + run: | + if [ "$?" -ne 0 ]; then + echo "Check failed" + exit 1 + fi + docker: + runs-on: ubuntu-latest + needs: rust permissions: contents: read packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. id-token: write steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0 - with: - cosign-release: 'v2.2.4' - # Set up BuildKit Docker container builder to be able to build # multi-platform images and export cache # https://github.com/docker/setup-buildx-action 
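Review bot: The `docker` job still requests `id-token: write` in its `permissions` block, although this commit removes the cosign install step here and the signing step in the second hunk, which were the only visible uses of that token (the deleted comment tied it to the sigstore/fulcio identity challenge). Drop that line so the job holds only `contents: read` and `packages: write`, and be aware that images pushed from now on are unsigned, so any consumer that verified signatures needs to be updated. The new `rust` job also references `actions/checkout@v2` and `actions-rs/toolchain@v1` by mutable tag, whereas the removed cosign-installer was pinned to a commit SHA; pinning these the same way (`uses: actions/checkout@<full-commit-sha>`) keeps the supply-chain posture consistent. The `Check for errors` step looks like dead code, since each `run:` step starts its own shell where `$?` is 0, and a failing clippy step already fails the job. The `docker` job's steps continue outside the hunk.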
@@ -76,18 +77,3 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - TAGS: ${{ steps.meta.outputs.tags }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} \ No newline at end of file diff --git a/.gitea/workflows/rust.yaml b/.gitea/workflows/rust.yaml deleted file mode 100644 index eb3b835..0000000 --- a/.gitea/workflows/rust.yaml +++ /dev/null @@ -1,32 +0,0 @@ - name: Rust - - on: - push: - branches: - - dev - - main - pull_request: - branches: - - dev - - main - - jobs: - build: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up Rust - uses: actions-rs/toolchain@v1 - - - name: Run cargo clippy - run: cargo clippy -- -D warnings - - - name: Check for errors - run: | - if [ "$?" -ne 0 ]; then - echo "Check failed" - exit 1 - fi \ No newline at end of file