Release Server ROCK #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Server ROCK | |
| on: | |
| # Note that when running via workflow_dispatch, the github.ref_name | |
| # variable will match the selected branch name used. | |
| workflow_dispatch: | |
| push: | |
| tags: | |
| - 'v*' | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - run: git fetch --tags --force origin # https://github.com/actions/checkout/issues/882 & https://github.com/actions/checkout/issues/290 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Fix to build rock due to regression in LXD 5.21/stable https://discourse.ubuntu.com/t/mount-root-proc-cannot-mount-proc-read-only-with-lxd-5-21-2-22f93f4-from-snap/47533 | |
| - name: Setup LXD | |
| uses: canonical/setup-lxd@main | |
| with: | |
| channel: 5.21/candidate | |
| - name: ln rockcraft.yaml | |
| run: ln -s ./rocks/jimm.yaml ./rockcraft.yaml | |
| - name: Build ROCK | |
| run: | | |
| /usr/bin/sudo snap install --channel stable --classic rockcraft && \ | |
| rockcraft pack --verbosity trace --use-lxd | |
| - name: Load ROCK into local registry | |
| run: make load-rock | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: 'jimm:latest' | |
| - name: Push to github package | |
| run: | | |
| new_tag=ghcr.io/canonical/jimm:${{ github.ref_name }} | |
| docker tag jimm:latest $new_tag | |
| docker push $new_tag |