From 7754698a2e6dc7dfd7aa4c176266d8f842d3d6ec Mon Sep 17 00:00:00 2001
From: Max Leske
Date: Sat, 18 May 2024 15:58:29 +0200
Subject: [PATCH] fix: use correct image ref to run container
---
 .github/workflows/release.yml | 36 +++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 95b9168..f4f5c9d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,9 @@ on:
 # Declare default permissions as read only.
 permissions: read-all
+env:
+ REPO: ghcr.io/coreruleset/albedo
+
 jobs:
 goreleaser:
 runs-on: ubuntu-latest
@@ -95,20 +98,9 @@ jobs:
 files: |
 ./docker-bake.hcl
 targets: default
- push: false
+ push: true
 provenance: true
 sbom: true
-
- - name: Run container
- run: |
- echo "Starting container"
- docker run --pull "never" -d --name albedo-test "${REPO}:0"
- docker logs albedo-test
-
- - name: Verify container
- run: |
- [ $(docker inspect albedo-test --format='{{.State.Running}}') = 'true' ]
-
 - name: Sign the images with GitHub OIDC Token
 env:
 METADATA: ${{ steps.build-and-push.outputs.metadata }}
@@ -120,3 +112,23 @@ jobs:
 images+="${tag}@${DIGEST} "
 done
 cosign sign --yes ${images}
+
+ verify-images:
+ name: Verify images
+ runs-on: ubuntu-latest
+ needs:
+ - publish-images
+ steps:
+ - name: Run container
+ run: |
+ tag="$(sed 's/^v//' <<<"${{ github.ref_name }}")"
+ image_ref="${REPO}:${tag}"
+ echo "Pulling ${image_ref} ..."
+ docker pull "${image_ref}"
+ echo "Starting container ${image_ref} ..."
+ docker run --pull "never" -d --name albedo-test "${image_ref}"
+ docker logs albedo-test
+
+ - name: Verify container
+ run: |
+ [ $(docker inspect albedo-test --format='{{.State.Running}}') = 'true' ]
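Review bot: With `push: true` and the in-job `Run container` / `Verify container` steps deleted, the cosign step that follows now signs images that nothing has started yet; the only smoke test left is the later verify-images job. If that job fails, the tags are already published and signed, so consumers who check signatures will still accept the broken image. Either keep a local build-and-run check before the push, or document the ordering above the bake step, e.g. `# Images are pushed and signed before verify-images runs; a failed verification needs manual cleanup of the pushed tags.` The publish job starts and ends outside this hunk, so any existing rollback step is not visible here.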
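Review bot: In the new `Run container` step, `${{ github.ref_name }}` is expanded into the script text before bash runs, so the ref name is parsed as shell source rather than handled as data. Pass it through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` on the step and use `tag="${REF_NAME#v}"` in the script. The workflow's `on:` trigger is outside this hunk, so who can create the triggering ref is not visible, but the env form is safe either way. Separately, the step pulls by mutable tag and does not check the signature; pulling by the digest the publish job signed (exposed as a job output) would tie the test to the signed artifact.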