From 40a342d2d08e484888461bf071147462846380f5 Mon Sep 17 00:00:00 2001 From: Jashandeep Sohi <jashandeep.s.sohi@gmail.com> Date: Tue, 6 Aug 2024 16:42:24 -0700 Subject: [PATCH] tag images semver --- .github/workflows/build-containers.yaml | 24 +++++++++++++++++++----- flake.nix | 5 +++-- version.nix | 3 +++ 3 files changed, 25 insertions(+), 7 deletions(-) create mode 100644 version.nix diff --git a/.github/workflows/build-containers.yaml b/.github/workflows/build-containers.yaml index 31d3756..1591378 100644 --- a/.github/workflows/build-containers.yaml +++ b/.github/workflows/build-containers.yaml @@ -1,23 +1,37 @@ name: Build Contianers on: push: - branches: + branches: - master jobs: build: concurrency: group: container - + runs-on: ubuntu-latest permissions: id-token: "write" contents: "read" packages: write - + steps: + - uses: docker/metadata-action@v5 + id: meta + with: + tags: | + type=ref,event=branch + type=semver,pattern=v{{major}} + type=semver,pattern=v{{major}}.{{minor}} + type=semver,pattern=v{{version}} + - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/magic-nix-cache-action@main - - run: nix run .#sealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/seal - - run: nix run .#unsealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/unseal + - run: |- + echo '{ name = "${{ github.ref_name }}"; url = "https://github.com/${{ github.repository }}"; }' > version.nix + + for tag in $(jq -r '.tags[]' <<< "$DOCKER_METADATA_OUTPUT_JSON"); do + nix run .#sealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/seal:$tag + nix run .#unsealContainer.copyTo --impure -- --dest-username ${{ github.actor}} --dest-password '${{ secrets.GITHUB_TOKEN }}' docker://ghcr.io/${{ github.repository }}/unseal:$tag + done diff --git a/flake.nix b/flake.nix index 46561a5..ea46643 100644 --- a/flake.nix +++ b/flake.nix @@ -32,8 +32,9 @@ perSystem = { config, self', inputs', pkgs, system, ... }: let - version = with inputs; "${self.shortRev or self.dirtyShortRev or "unknown"}"; - homepage = "https://github.com/jashandeep-sohi/krm-fn-sealedsecrets"; + versionFile = import ./version.nix; + version = with inputs; "${versionFile.name or self.shortRev or self.dirtyShortRev or "unknown"}"; + homepage = versionFile.url or "https://github.com/jashandeep-sohi/krm-fn-sealedsecrets"; buildGoCmd = { pname, cmd }: inputs'.gomod2nix.legacyPackages.buildGoApplication { inherit pname version; src = pkgs.lib.cleanSource ./.; diff --git a/version.nix b/version.nix new file mode 100644 index 0000000..94680e7 --- /dev/null +++ b/version.nix @@ -0,0 +1,3 @@ +# This file can be used to inject version info during build time. +# { name = "xxx"; url = "xxx"} +{ }