
try with annotations attribute in docker build push action input #53

Workflow file for this run

---

Check failure on line 1 in .github/workflows/ramius.yml

GitHub Actions / .github/workflows/ramius.yml

Invalid workflow file

(Line: 102, Col: 9): Unexpected value 'push', (Line: 103, Col: 9): Unexpected value 'context', (Line: 104, Col: 9): Unexpected value 'tags', (Line: 105, Col: 9): Unexpected value 'build-args', (Line: 110, Col: 9): Unexpected value 'secrets'
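name: ramius

# Builds a self-hosted GitHub Actions runner image bundled with Coverity and
# pushes it to ghcr.io. Versions of the upstream components are resolved in
# job_setup and handed to the other jobs as one JSON document (the "sbom"
# output).
#
# Supply-chain note: every `uses:` below references a mutable major-version
# tag. Pinning each action to a full commit SHA (with the tag kept as a
# trailing comment) prevents a re-pointed tag from changing what runs with
# this workflow's token.

on:
  workflow_dispatch:

# Least privilege by default; each job widens only what it visibly needs.
permissions:
  contents: read

jobs:
  job_setup:
    runs-on: ubuntu-latest
    # NOTE(review): GITHUB_TOKEN is exported to the ./utils helpers below and
    # one of them queries a ghcr.io image, so packages: read is assumed to be
    # sufficient - confirm against the helper scripts.
    permissions:
      contents: read
      packages: read
    steps:
      - name: retrieve ${{ github.event.repository.name }} project
        uses: actions/checkout@v5

      - id: sbom
        name: retrieve and interpolate versions and tags for upstream dependencies
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # retrieve equivalent semantic version (x.y) of almalinux image latest tag
          read -r almalinux <<< $(
            echo '{}' \
              | jq -r \
                  --compact-output \
                  --arg version_latest "$(./utils/equate_tag_semver "docker.io/library/almalinux:9")" \
                  '{almalinux: {version: $version_latest }}'
          )

          # retrieve equivalent version of coverity image latest tag
          read -r coverity <<< $(
            echo '{}' \
              | jq -r \
                  --compact-output \
                  --arg version_latest "$(./utils/equate_tag "ghcr.io/mantidproject/cov-analysis-linux64:latest" | jq -r '.[]')" \
                  '{coverity: {version: $version_latest }}'
          )

          # retrieve version and download_url for github actions runner
          # -f/-S: an HTTP error (e.g. API rate limiting) is reported in the
          # log instead of an error body being piped into jq.
          read -r gha_runner <<< $(
            curl -fsS https://api.github.com/repos/actions/runner/releases/latest \
              | jq -r \
                  --compact-output \
                  '{
                    gha_runner: {
                      download_url: (.assets[] | select(.name | test("linux-x64")) | .browser_download_url),
                      version: (.name)
                    }
                  }'
          )

          # merge the three single-key objects into one compact JSON document
          sbom="$(
            printf '%s\n' "${almalinux}" "${coverity}" "${gha_runner}" \
              | jq -r -s --compact-output '. | add'
          )"

          # These values become the image tag and the Docker build arguments,
          # so stop here if any lookup came back empty rather than building
          # and pushing from incomplete data.
          if ! jq -e '
                (.almalinux.version // "" | length > 0)
                and (.coverity.version // "" | length > 0)
                and (.gha_runner.version // "" | length > 0)
                and (.gha_runner.download_url // "" | length > 0)
              ' <<< "${sbom}" > /dev/null; then
            echo "::error::could not resolve all upstream versions: ${sbom}"
            exit 1
          fi

          echo "JSON=${sbom}" >> "${GITHUB_OUTPUT}"
    outputs:
      sbom: ${{ steps.sbom.outputs.JSON }}

  job_debug:
    needs: job_setup
    runs-on: ubuntu-latest
    steps:
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v6
        with:
          images: almalinux:9.7

      - name: debug
        # The JSON is passed through the environment instead of being expanded
        # into the script text: its double quotes would otherwise end the
        # shell string early, and any value derived from an upstream tag or
        # release name would be parsed as shell. The pipe to jq also has to
        # sit outside the quotes to run at all.
        env:
          SBOM_JSON: ${{ needs.job_setup.outputs.sbom }}
          META_JSON: ${{ toJSON(steps.meta.outputs) }}
        run: |
          jq -r '.' <<< "${SBOM_JSON}"
          jq -r '.' <<< "${META_JSON}"

  job_docker:
    needs: job_setup
    runs-on: ubuntu-latest
    # packages: write is what pushing to ghcr.io with GITHUB_TOKEN requires.
    # NOTE(review): the same token is also mounted into the build as a secret;
    # what the Dockerfile does with it is not visible here - confirm these
    # scopes cover it.
    permissions:
      contents: read
      packages: write
    steps:
      - name: retrieve ${{ github.event.repository.name }} project
        uses: actions/checkout@v5

      - name: setup buildx
        uses: docker/setup-buildx-action@v3

      - name: Log into registry ghcr.io
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: build and push - github runner w/ coverity
        uses: docker/build-push-action@v6
        # Every action input, not only `annotations`, has to be nested under
        # `with:`. At step level GitHub rejects the file with
        # "Unexpected value 'push'" (and likewise for context, tags,
        # build-args and secrets).
        with:
          annotations: |
            index:org.opencontainers.image.description=Github Runner w/ Coverity v${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }}
            index:org.opencontainers.image.version=${{ fromJSON(needs.job_setup.outputs.sbom).almalinux.version }}-${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }}
          push: true
          context: Linux/coverity/docker
          tags: ghcr.io/${{ github.repository_owner }}/github-runner-coverity:${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }}
          # NOTE(review): GHA_RUNNER_DOWNLOAD is a URL taken from the releases
          # API response; whether the Dockerfile verifies a checksum of the
          # downloaded archive cannot be seen from this file - confirm.
          build-args: |
            "ALMALINUX_VERSION=${{ fromJSON(needs.job_setup.outputs.sbom).almalinux.version }}"
            "COVERITY_VERSION=${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }}"
            "GHA_RUNNER_VERSION=${{ fromJSON(needs.job_setup.outputs.sbom).gha_runner.version }}"
            "GHA_RUNNER_DOWNLOAD=${{ fromJSON(needs.job_setup.outputs.sbom).gha_runner.download_url }}"
          # The token is supplied as a build secret, not a build-arg, which
          # keeps it out of the build arguments recorded with the image.
          secrets: |
            "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}"
          # outputs: |
          # "type=image,name=target,annotation-index.org.opencontainers.image.description=Github Runner w/ Coverity v${{ fromJSON(needs.job_setup.outputs.sbom).coverity.version }}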