feat(spire): enable persistent disk storage for keys #487
Workflow file for this run
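# Build-and-release pipeline.
#   * push to main        -> publish and sign an image tagged `latest`
#   * push of a v*.*.* tag -> publish and sign an image tagged `latest` and
#                             the tag name, then run `task release`
#
# NOTE(review): every external `uses:` below references an action by tag.
# Tags are mutable, and these jobs hold registry credentials, may request an
# OIDC token and (for releases) carry a write-scoped GITHUB_TOKEN. Pin each
# one as `owner/action@<full-commit-sha>  # <tag>` and let a dependency bot
# propose the bumps.
name: Main and Release Pipeline

on:
  push:
    branches: [main]
    tags:
      # NOTE(review): in a ref filter `*` matches any run of characters
      # except `/`, so this accepts more than strict semver. The tag name is
      # passed on as an image tag further down; restrict who may create
      # matching tags (tag ruleset) and validate the name before it is used.
      - "v*.*.*"
  # Both jobs in this file require a push event, so a pull_request run
  # currently skips every job.
  pull_request:
    paths-ignore:
      # `*.md` only matches Markdown files at the repository root.
      - "*.md"
      - "assets/**"

# Start from an empty token scope. Each job declares exactly what it needs,
# and a job added later without its own `permissions:` block gets nothing
# instead of the repository default.
permissions: {}

jobs:
  push-latest-images:
    permissions:
      contents: read
      # Lets the job request an OIDC token; presumably used for keyless
      # image signing inside publish-and-sign (confirm).
      id-token: write
    # NOTE(review): custom runner label. If this is a self-hosted runner,
    # confirm it is ephemeral or cleaned between jobs, because the job
    # handles registry credentials and signing.
    runs-on: container-registry
    # Single gate for the whole job; the steps inherit it and need no `if`
    # of their own, which keeps the publish condition in one place.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      - name: Print GitHub ref for debugging
        # The ref is read from the runner environment rather than expanded
        # into the script text, so its value is never parsed as shell code.
        run: |
          echo "GitHub ref: $GITHUB_REF"

      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          # 0 fetches the full history, including tags.
          fetch-depth: 0

      - name: Publish and Sign Snapshot Image
        # Repository-local composite action; its steps run with the
        # credentials passed below.
        uses: ./.github/actions/publish-and-sign
        with:
          IMAGE_TAGS: latest
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
          REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }}
          REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }}
          PROJECT_NAME: ${{ vars.PROJECT_NAME }}

  publish-release:
    permissions:
      # Needed to create the release from `task release`.
      contents: write
      # NOTE(review): the image is pushed with REGISTRY_PASSWORD, so confirm
      # this scope is actually used; drop it otherwise.
      packages: write
      # Lets the job request an OIDC token; presumably for signing (confirm).
      id-token: write
    runs-on: container-registry
    # Single gate for the whole job: tag pushes only.
    if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/'))
    steps:
      - name: Checkout repo
        # NOTE(review): checkout stores the job token in the local git
        # config by default, and this job's token can write to the
        # repository. Set `persist-credentials: false` here (and in
        # push-latest-images) if no later step runs authenticated git
        # commands.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Publish and Sign Tagged Image
        uses: ./.github/actions/publish-and-sign
        with:
          # NOTE(review): the tag name comes from whoever pushed the tag.
          # Confirm the composite action reads this input through an
          # environment variable and does not expand it inside a `run:`
          # script.
          IMAGE_TAGS: "latest,${{ github.ref_name }}"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
          REGISTRY_ADDRESS: ${{ vars.REGISTRY_ADDRESS }}
          REGISTRY_USERNAME: ${{ vars.REGISTRY_USERNAME }}
          PROJECT_NAME: ${{ vars.PROJECT_NAME }}

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.24.11"

      - name: Install Task
        uses: arduino/setup-task@v2
        with:
          # NOTE(review): floating range, so the binary that drives the
          # release can change between runs. Pin an exact version, as is
          # done for Go and GoReleaser.
          version: "3.x"

      - name: Install GoReleaser
        uses: goreleaser/goreleaser-action@v6
        with:
          # Only installs the binary; it is invoked later by `task release`
          # (presumably; the Taskfile is not shown here).
          install-only: true
          version: v2.9.0

      - name: Install Syft
        uses: anchore/sbom-action/download-syft@v0.22.2

      - name: Create Release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: task release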