mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-10-29 18:40:23 +00:00
56d08e1b4d
Update GitHub actions to use full length commit ids for third-party actions to reduce security risk in case of vulnerabilities. Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> Co-authored-by: Nikhil-Ladha <nikhilladha1999@gmail.com>
44 lines
1.4 KiB
YAML
44 lines
1.4 KiB
YAML
---
|
|
name: publish artifacts
|
|
# yamllint disable-line rule:truthy
|
|
on:
|
|
push:
|
|
# Sequence of patterns matched against refs/heads
|
|
branches:
|
|
# Push events on default branch
|
|
- devel
|
|
# Push events to branches matching refs/heads/release-v*
|
|
- 'release-v*'
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
push:
|
|
name: Publish artifacts
|
|
runs-on: ubuntu-latest
|
|
if: github.repository == 'ceph/ceph-csi'
|
|
steps:
|
|
# yamllint disable-line rule:line-length
|
|
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
|
|
|
|
- name: Login to Quay
|
|
# yamllint disable-line rule:line-length
|
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
|
|
with:
|
|
registry: quay.io
|
|
username: ${{ secrets.QUAY_IO_USERNAME }}
|
|
password: ${{ secrets.QUAY_IO_PASSWORD }}
|
|
|
|
- name: Set build environment variables
|
|
run: |
|
|
echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
|
|
echo "GITHUB_USER=${{ secrets.CEPH_CSI_BOT_NAME }}" >> $GITHUB_ENV
|
|
echo "GITHUB_EMAIL=${{ secrets.CEPH_CSI_BOT_EMAIL }}" >> $GITHUB_ENV
|
|
echo "GITHUB_TOKEN=${{ secrets.CEPH_CSI_BOT_TOKEN }}" >> $GITHUB_ENV
|
|
|
|
- name: publish artifacts
|
|
# podman cannot pull images with both tag and digest
|
|
# https://github.com/containers/buildah/issues/1407
|
|
# use docker to build images
|
|
run: CONTAINER_CMD=docker ./deploy.sh
|