Skip to content
.github/workflows/.test.yml

bake: distributed builds #55

Sign in to view logs

bake: distributed builds

bake: distributed builds #55

Workflow file for this run

.github/workflows/.test.yml at 268e1f3
name: .test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
on:
workflow_dispatch:
push:
branches:
- 'main'
- 'releases/v*'
tags:
- 'v*'
pull_request:
jobs:
build-aws-single:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
cache: true
meta-images: |
public.ecr.aws/q3b5f1u4/test-docker-action
meta-tags: |
type=raw,value=build-ghbuilder-single-${{ github.run_id }}
build-file: test/hello.Dockerfile
build-sbom: true
secrets:
registry-auths: |
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
build-aws:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
cache: true
cache-scope: build-aws
meta-images: |
public.ecr.aws/q3b5f1u4/test-docker-action
meta-tags: |
type=raw,value=build-ghbuilder-${{ github.run_id }}
build-file: test/hello.Dockerfile
build-sbom: true
build-platforms: linux/amd64,linux/arm64
secrets:
registry-auths: |
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
build-aws-verify:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
needs:
- build-aws
steps:
-
name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
with:
cosign-release: ${{ needs.build-aws.outputs.cosign-version }}
-
name: Login to registry
uses: docker/login-action@v3
with:
registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
name: Verify signatures
uses: actions/github-script@v8
env:
INPUT_COSIGN-VERSION: ${{ needs.build-aws.outputs.cosign-version }}
INPUT_COSIGN-VERIFY-COMMANDS: ${{ needs.build-aws.outputs.cosign-verify-commands }}
with:
script: |
const cosignVersion = core.getInput('cosign-version');
core.info(`Cosign version used by Docker GitHub Builder: ${cosignVersion}`);
const cosignVerifyCommands = core.getMultilineInput('cosign-verify-commands');
for (const cmd of cosignVerifyCommands) {
await exec.exec(cmd);
}
build-ghcr:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
meta-images: ghcr.io/docker/github-builder-test
meta-tags: |
type=raw,value=build-${{ github.run_id }}
build-file: test/hello.Dockerfile
build-sbom: true
build-platforms: linux/amd64,linux/arm64
secrets:
registry-auths: |
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
build-dockerhub-stage:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
meta-images: registry-1-stage.docker.io/docker/github-builder-test
meta-tags: |
type=raw,value=build-${{ github.run_id }}
build-file: test/hello.Dockerfile
build-sbom: true
build-platforms: linux/amd64,linux/arm64
secrets:
registry-auths: |
- registry: registry-1-stage.docker.io
username: ${{ vars.DOCKERHUB_STAGE_USERNAME }}
password: ${{ secrets.DOCKERHUB_STAGE_TOKEN }}
build-dockerhub-stage-oidc:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
meta-images: registry-1-stage.docker.io/docker/github-builder-test
meta-tags: |
type=raw,value=${{ github.run_id }},prefix=oidc-
build-file: test/hello.Dockerfile
build-sbom: true
build-platforms: linux/amd64,linux/arm64
secrets:
registry-auths: |
- registry: registry-1-stage.docker.io
username: docker:cdeb5882-30b7-4076-be92-bfdceb258e9c
build-ghcr-and-aws:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
meta-images: |
ghcr.io/docker/github-builder-test
public.ecr.aws/q3b5f1u4/test-docker-action
meta-tags: |
type=raw,value=${{ github.run_id }},prefix=build-ghcr-and-aws-
build-file: test/hello.Dockerfile
build-sbom: true
build-platforms: linux/amd64,linux/arm64
secrets:
registry-auths: |
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
build-local:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
artifact-name: build-output
build-file: test/hello.Dockerfile
build-sbom: true
build-platforms: linux/amd64,linux/arm64
build-local-verify:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
needs:
- build-local
steps:
-
name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
with:
cosign-release: ${{ needs.build-local.outputs.cosign-version }}
-
name: Download artifact
uses: actions/download-artifact@v5
with:
name: ${{ needs.build-local.outputs.artifact-name }}
-
name: Verify signatures
uses: actions/github-script@v8
env:
INPUT_COSIGN-VERSION: ${{ needs.build-local.outputs.cosign-version }}
INPUT_COSIGN-VERIFY-COMMANDS: ${{ needs.build-local.outputs.cosign-verify-commands }}
with:
script: |
const cosignVersion = core.getInput('cosign-version');
core.info(`Cosign version used by Docker GitHub Builder: ${cosignVersion}`);
const cosignVerifyCommands = core.getMultilineInput('cosign-verify-commands');
for (const cmd of cosignVerifyCommands) {
await exec.exec(cmd);
}
build-local-single:
uses: ./.github/workflows/build.yml
permissions:
contents: read
packages: write
id-token: write
with:
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
artifact-name: build-output-single
build-file: test/hello.Dockerfile
build-sbom: true
bake-aws:
uses: ./.github/workflows/bake.yml

Check failure on line 239 in .github/workflows/.test.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/.test.yml

Invalid workflow file 

error parsing called workflow
".github/workflows/.test.yml"
-> "./.github/workflows/bake.yml"
: (Line: 142, Col: 14): Unrecognized named-value: 'env'. Located at position 19 within expression: inputs.runs-on || env.DEFAULT_RUNNER, (Line: 631, Col: 14): Unrecognized named-value: 'env'. Located at position 19 within expression: inputs.runs-on || env.DEFAULT_RUNNER
permissions:
contents: read
packages: write
id-token: write
with:
context: test
target: hello-cross
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
cache: true
cache-scope: bake-aws
meta-images: |
public.ecr.aws/q3b5f1u4/test-docker-action
meta-tags: |
type=raw,value=bake-ghbuilder-${{ github.run_id }}
bake-sbom: true
secrets:
registry-auths: |
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
bake-aws-verify:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
needs:
- bake-aws
steps:
-
name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
with:
cosign-release: ${{ needs.bake-aws.outputs.cosign-version }}
-
name: Login to registry
uses: docker/login-action@v3
with:
registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
name: Verify signatures
uses: actions/github-script@v8
env:
INPUT_COSIGN-VERSION: ${{ needs.bake-aws.outputs.cosign-version }}
INPUT_COSIGN-VERIFY-COMMANDS: ${{ needs.bake-aws.outputs.cosign-verify-commands }}
with:
script: |
const cosignVersion = core.getInput('cosign-version');
core.info(`Cosign version used by Docker GitHub Builder: ${cosignVersion}`);
const cosignVerifyCommands = core.getMultilineInput('cosign-verify-commands');
for (const cmd of cosignVerifyCommands) {
await exec.exec(cmd);
}
bake-ghcr-and-aws:
uses: ./.github/workflows/bake.yml
permissions:
contents: read
packages: write
id-token: write
with:
context: test
target: hello-cross
output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
cache: true
cache-scope: bake-aws
meta-images: |
ghcr.io/docker/github-builder-test
public.ecr.aws/q3b5f1u4/test-docker-action
meta-tags: |
type=raw,value=${{ github.run_id }},prefix=bake-ghcr-and-aws-
bake-sbom: true
secrets:
registry-auths: |
- registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
bake-ghcr-and-aws-verify:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
needs:
- bake-ghcr-and-aws
steps:
-
name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
with:
cosign-release: ${{ needs.bake-ghcr-and-aws.outputs.cosign-version }}
-
name: Login to registry
uses: docker/login-action@v3
with:
registry: public.ecr.aws
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
name: Verify signatures
uses: actions/github-script@v8
env:
INPUT_COSIGN-VERSION: ${{ needs.bake-ghcr-and-aws.outputs.cosign-version }}
INPUT_COSIGN-VERIFY-COMMANDS: ${{ needs.bake-ghcr-and-aws.outputs.cosign-verify-commands }}
with:
script: |
const cosignVersion = core.getInput('cosign-version');
core.info(`Cosign version used by Docker GitHub Builder: ${cosignVersion}`);
const cosignVerifyCommands = core.getMultilineInput('cosign-verify-commands');
for (const cmd of cosignVerifyCommands) {
await exec.exec(cmd);
}
bake-local:
uses: ./.github/workflows/bake.yml
permissions:
contents: read
packages: write
id-token: write
with:
context: test
target: hello-cross
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
cache: true
artifact-name: bake-output
bake-sbom: true
bake-local-verify:
runs-on: ubuntu-latest
if: ${{ github.event_name != 'pull_request' }}
needs:
- bake-local
steps:
-
name: Install Cosign
uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
with:
cosign-release: ${{ needs.bake-local.outputs.cosign-version }}
-
name: Download artifacts
uses: actions/download-artifact@v5
with:
pattern: ${{ needs.bake-local.outputs.artifact-name }}*
merge-multiple: true
-
name: Verify signatures
uses: actions/github-script@v8
env:
INPUT_COSIGN-VERSION: ${{ needs.bake-local.outputs.cosign-version }}
INPUT_COSIGN-VERIFY-COMMANDS: ${{ needs.bake-local.outputs.cosign-verify-commands }}
with:
script: |
const cosignVersion = core.getInput('cosign-version');
core.info(`Cosign version used by Docker GitHub Builder: ${cosignVersion}`);
const cosignVerifyCommands = core.getMultilineInput('cosign-verify-commands');
for (const cmd of cosignVerifyCommands) {
await exec.exec(cmd);
}
bake-local-single:
uses: ./.github/workflows/bake.yml
permissions:
contents: read
packages: write
id-token: write
with:
context: test
target: hello
output: ${{ github.event_name != 'pull_request' && 'local' || 'cacheonly' }}
cache: true
artifact-name: bake-output-single
bake-sbom: true