chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 (#150) #44
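# Builds APK packages with Melange, assembles a container image with APKO,
# and pushes the image to GitHub Container Registry on every push to main.
name: Melange, APKO e GitHub Container Registry
on:
  push:
    branches:
      - 'main'

# Workflow-wide default: read-only access to repository contents.
permissions:
  contents: read

jobs:
  build:
    name: Melange, APKO e GitHub Container Registry
    # NOTE(review): confirm this runner label is still offered; older Ubuntu images get retired.
    runs-on: ubuntu-20.04
    permissions:
      actions: read
      contents: read
      # NOTE(review): no step visible here uploads code-scanning results; drop
      # this write scope unless a later step in the file needs it.
      security-events: write
    steps:
      # Runner hardening. `audit` only records outbound connections and does not
      # block any; `egress-policy: block` with `allowed-endpoints` is the
      # enforcing mode once the audit log shows which hosts the job needs.
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      # Check out the repository
      - name: Checkout code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      # Set up Docker Buildx
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

      # Install Melange
      # NOTE(review): the release tarball is installed into /usr/local/bin with
      # sudo without any digest check. The actions above are pinned by commit
      # SHA; this download deserves the same treatment: record the expected
      # SHA-256 of the tarball in the repository and verify it with
      # `sha256sum -c` before extracting.
      # NOTE(review): this is the linux_386 build on a 64-bit runner; confirm
      # that is intentional.
      - name: Install Melange
        run: |
          wget https://github.com/chainguard-dev/melange/releases/download/v0.11.2/melange_0.11.2_linux_386.tar.gz
          tar -xzf melange_0.11.2_linux_386.tar.gz
          cd melange_0.11.2_linux_386
          sudo mv melange /usr/local/bin/
          melange version

      # Install APKO
      # NOTE(review): same as Melange above: no digest check before a sudo
      # install; verify the tarball against a pinned SHA-256 first.
      - name: Install APKO
        run: |
          wget https://github.com/chainguard-dev/apko/releases/download/v0.14.7/apko_0.14.7_linux_386.tar.gz
          tar -xzf apko_0.14.7_linux_386.tar.gz
          cd apko_0.14.7_linux_386
          sudo mv apko /usr/local/bin/
          apko version

      # Generate a signing keypair with Melange.
      # A fresh keypair is created on every run, so packages from one run can
      # only be verified with the public key produced by that same run. The
      # private key stays in the workspace for the rest of the job.
      - name: Generate keys with Melange
        run: |
          cd chainguard/environments/prd
          melange keygen

      # Build and sign the packages with Melange
      - name: Build packages with Melange
        run: |
          cd chainguard/environments/prd
          melange build melange-prod.yaml --runner docker --signing-key melange.rsa --arch amd64

      # Build the container image with APKO, trusting the public key generated above
      - name: Build container image with APKO
        run: |
          cd chainguard/environments/prd
          apko build apko-prod.yaml senhas senhas-prod.tar -k melange.rsa.pub --arch amd64

      # Log in to GitHub Container Registry.
      # The token is passed on stdin so it never appears in the process list;
      # it is quoted so the shell does not word-split or glob it.
      # NOTE(review): a personal access token is a long-lived, user-scoped
      # credential. The job's GITHUB_TOKEN with `packages: write` is a
      # narrower option for pushing to ghcr.io; confirm whether the PAT is
      # actually required.
      - name: Log in to GitHub Container Registry
        env:
          CR_PAT: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
        run: echo "$CR_PAT" | docker login ghcr.io -u nataliagranato --password-stdin

      # Load the image tarball and push it to GitHub Container Registry.
      # The timestamp tag is computed once: evaluating $(date +%s) separately
      # for `docker tag` and `docker push` can yield two different values when
      # the commands straddle a second boundary, and the push then names a tag
      # that was never created.
      - name: Load Docker image
        run: |
          cd chainguard/environments/prd
          docker load < senhas-prod.tar
          docker images
          IMAGE="ghcr.io/nataliagranato/giropops-senhas:$(date +%s)"
          docker tag senhas:latest-amd64 "$IMAGE"
          docker push "$IMAGE"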