Skip to content
Publish to ghcr.io

Publish to ghcr.io #1803

Sign in to view logs

Publish to ghcr.io

Publish to ghcr.io #1803

Workflow file for this run

.github/workflows/publish.yml at 09405b2
name: 'Publish to ghcr.io'
on:
workflow_dispatch:
inputs:
run_id:
description: Workflow run ID
type: number
required: true
workflow_run:
workflows: [ 'Build and publish a release', 'nightly' ]
types: [ 'completed' ]
jobs:
workflow_data:
if: ${{ github.event_name == 'workflow_dispatch' && inputs.run_id || github.event.workflow_run.conclusion == 'success' }}
name: Download workflow JSON data from trigger
uses: ./.github/workflows/download_workflow_data.yml
with:
run_id: ${{ github.event_name == 'workflow_dispatch' && inputs.run_id || github.event.workflow_run.id }}
workflow_data_artifact:
name: Publish parent workflow-data artifact
needs: [ workflow_data ]
runs-on: ubuntu-24.04
permissions:
actions: write
steps:
- uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # pin@v7.0.0
with:
name: workflow-data
github-token: ${{ github.token }}
run-id: ${{ needs.workflow_data.outputs.run_id }}
- name: Upload parent workflow artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: parent-workflow-data
overwrite: true
path: 'workflow_data.json'
publish_oci_containers:
needs: workflow_data
name: Publish container base image
uses: ./.github/workflows/publish_oci_containers.yml
# @TODO: Replace with safe OCI manifast handling variant
#strategy:
# fail-fast: false
# matrix:
# cnames: [ container-amd64, container-arm64 ]
with:
run_id: ${{ needs.workflow_data.outputs.run_id }}
commit_id: ${{ needs.workflow_data.outputs.commit_id }}
version: ${{ needs.workflow_data.outputs.version }}
target: ${{ needs.workflow_data.outputs.target }}
flavors_matrix: ${{ needs.workflow_data.outputs.flavors_matrix }}
bare_flavors_matrix: ${{ needs.workflow_data.outputs.bare_flavors_matrix }}
original_workflow_name: ${{ needs.workflow_data.outputs.original_workflow_name }}
secrets:
aws_region: ${{ secrets.AWS_REGION }}
aws_role: ${{ secrets.KMS_SIGNING_IAM_ROLE }}
aws_session: ${{ secrets.AWS_OIDC_SESSION }}
oci_kms_arn: ${{ secrets.OCI_KMS_ARN }}
permissions:
packages: write # TODO: 3215 elevated permissions for included workflow
id-token: write # TODO: 3215 elevated permissions for included workflow
actions: write # TODO: 3215 elevated permissions for included workflow
publish_kmodbuild_container:
needs: [ workflow_data ]
name: Publish kernel module build dev container
uses: ./.github/workflows/publish_kmodbuild_container.yml
with:
run_id: ${{ needs.workflow_data.outputs.run_id }}
version: ${{ needs.workflow_data.outputs.version }}
permissions:
packages: write
publish_retry:
needs: [ publish_oci_containers, publish_kmodbuild_container ]
if: ${{ failure() && ( needs.publish_oci_containers.result == 'failure' || needs.publish_kmodbuild_container.result == 'failure' ) }}
name: 'Retry checkpoint: Publish to GitHub'
runs-on: ubuntu-24.04
permissions:
actions: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Retry failed publishing
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const gitHubLib = await import("${{ github.workspace }}/.github/workflows/github.mjs");
const gitHubRef = "${{ github.head_ref == '' && github.ref_name || github.head_ref }}";
return await gitHubLib.dispatchRetryWorkflow(core, github.rest.actions, context, gitHubRef, 3);