Add container-structure-tests #79

Summary
Jobs
- build
- sign
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/publish-container.yml at 15ca53d

	name: Container CI

	on:
	workflow_dispatch:
	push:
	branches: [ "main" ]
	# Publish semver tags as releases.
	tags: [ 'v..*' ]
	pull_request:
	branches: [ "main" ]

	env:
	IMAGES: \|
	ghcr.io/pgschk/alpine-toolkit
	docker.io/pgschk/alpine-toolkit

	jobs:
	build:
	strategy:
	fail-fast: false
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	# This is used to complete the identity challenge
	# with sigstore/fulcio when running outside of PRs.
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Login to GHCR
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	registry: docker.io
	username: ${{ github.actor }}
	password: ${{ secrets.DOCKER_LOGIN }}

	- name: Docker Metadata
	id: docker-metadata
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ env.IMAGES }}
	tags: \|
	type=edge
	type=sha
	type=ref,event=branch
	type=ref,event=pr
	type=schedule
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}

	- name: Docker Metadata Extended image
	id: docker-metadata-extended
	uses: docker/metadata-action@v5
	with:
	images: \|
	${{ env.IMAGES }}
	tags: \|
	type=edge
	type=sha
	type=ref,event=branch
	type=ref,event=pr
	type=schedule
	type=semver,pattern={{version}}
	type=semver,pattern={{major}}.{{minor}}
	type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
	flavor: \|
	latest=auto
	suffix=-extended,onlatest=true

	- name: Read extended packages file
	id: get-extended-packages
	run: echo "extended-packages=$(tr '\n' ' ' < EXTENDED_PACKAGES)" >> $GITHUB_OUTPUT

	- name: Install QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v3

	- name: Cache Docker layers
	uses: actions/cache@v4
	with:
	path: /tmp/.buildx-cache/alpine-toolkit
	key: ${{ runner.os }}-buildx-alpine-toolkit
	restore-keys: \|
	${{ runner.os }}-buildx-

	- name: Build container image
	id: build-image
	uses: docker/build-push-action@v6
	with:
	builder: ${{ steps.buildx.outputs.name }}
	push: true
	platforms: linux/amd64,linux/ppc64le,linux/s390x,linux/arm64
	tags: ${{ steps.docker-metadata.outputs.tags }}
	labels: ${{ steps.docker-metadata.outputs.labels }}
	cache-from: type=local,src=/tmp/.buildx-cache/alpine-toolkit
	cache-to: type=local,dest=/tmp/.buildx-cache/alpine-toolkit-new

	- name: Build extended container image
	id: build-image-extended
	uses: docker/build-push-action@v6
	with:
	builder: ${{ steps.buildx.outputs.name }}
	push: true
	platforms: linux/amd64,linux/ppc64le,linux/s390x,linux/arm64
	tags: ${{ steps.docker-metadata-extended.outputs.tags }}
	labels: ${{ steps.docker-metadata-extended.outputs.labels }}
	cache-from: type=local,src=/tmp/.buildx-cache/alpine-toolkit
	cache-to: type=local,dest=/tmp/.buildx-cache/alpine-toolkit-new
	build-args: EXTRA_PACKAGES=${{ steps.get-extended-packages.outputs.extended-packages }}

	- name: Pull images
	shell: bash
	run: \|
	docker pull ghcr.io/pgschk/alpine-toolkit@${{ steps.build-image.outputs.digest }}
	docker pull ghcr.io/pgschk/alpine-toolkit@${{ steps.build-image-extended.outputs.digest }}

	# Run container-structure-test
	# https://github.com/marketplace/actions/container-structure-test-action
	- name: Run container-structure-tests
	uses: plexsystems/container-structure-test-action@v0.3.0
	with:
	image: ghcr.io/${{ github.repository }}@${{ steps.build-image.outputs.digest }}
	config: test/container-structure-test/tests.yml

	# Run container-structure-test
	# https://github.com/marketplace/actions/container-structure-test-action
	- name: Run container-structure-tests extended
	uses: plexsystems/container-structure-test-action@v0.3.0
	with:
	image: ghcr.io/${{ github.repository }}@${{ steps.build-image-extended.outputs.digest }}
	config: test/container-structure-test/tests-enhanced.yml

	outputs:
	tags: ${{ steps.docker-metadata.outputs.tags }}
	tags-extended: ${{ steps.docker-metadata.outputs.tags }}
	digest: ${{ steps.build-image.outputs.digest }}
	digest-extended: ${{ steps.build-image-extended.outputs.digest }}

	sign:
	if: ${{ github.event_name != 'pull_request' }}
	needs: build
	runs-on: ubuntu-latest
	permissions:
	packages: write
	id-token: write

	steps:
	- name: Login to GHCR
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	registry: docker.io
	username: ${{ github.actor }}
	password: ${{ secrets.DOCKER_LOGIN }}

	- uses: sigstore/cosign-installer@v3

	- name: Sign image
	run: cosign sign --yes ghcr.io/pgschk/alpine-toolkit@${DIGEST} docker.io/pgschk/alpine-toolkit@${DIGEST}
	env:
	DIGEST: ${{ needs.build.outputs.digest }}
	COSIGN_EXPERIMENTAL: 1

	- name: Sign extended image
	run: cosign sign --yes ghcr.io/pgschk/alpine-toolkit@${DIGEST} docker.io/pgschk/alpine-toolkit@${DIGEST}
	env:
	DIGEST: ${{ needs.build.outputs.digest-extended }}
	COSIGN_EXPERIMENTAL: 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add container-structure-tests #79

Workflow file

Add container-structure-tests #79

Jobs

Run details

Workflow file for this run