This repository was archived by the owner on Mar 13, 2026. It is now read-only.

Build container image #220

Workflow file for this run

	---
	name: Build container image
	on:
	pull_request:
	branches:
	- main
	schedule:
	- cron: "05 10 * * *" # 10:05am UTC everyday
	push:
	branches:
	- main
	paths-ignore:
	- "**/README.md"
	workflow_dispatch:

	env:
	IMAGE_DESC: "Bootc image for testing GNOMEOS Bluefin"
	IMAGE_KEYWORDS: "bootc,centos"
	IMAGE_LOGO_URL: "https://avatars.githubusercontent.com/u/136393846?s=200&v=4"
	IMAGE_NAME: "${{ github.event.repository.name }}"
	IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}"
	DEFAULT_TAG: "latest"

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref \|\| github.run_id }}-${{ inputs.brand_name}}-${{ inputs.stream_name }}
	cancel-in-progress: true

	jobs:
	build_push:
	name: Build and push image
	runs-on: ubuntu-24.04

	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	- name: Checkout
	uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v5
	with:
	submodules: recursive

	- name: Get current date
	id: date
	run: \|
	# This generates a timestamp like what is defined on the ArtifactHub documentation
	# E.G: 2022-02-08T15:38:15Z'
	# https://artifacthub.io/docs/topics/repositories/container-images/
	# https://linux.die.net/man/1/date
	echo "date=$(date -u +%Y\-%m\-%d\T%H\:%M\:%S\Z)" >> $GITHUB_OUTPUT

	- name: Image Metadata
	uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
	id: metadata
	with:
	tags: \|
	type=raw,value=${{ env.DEFAULT_TAG }}
	type=raw,value=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}}
	type=raw,value={{date 'YYYYMMDD'}}
	type=sha,enable=${{ github.event_name == 'pull_request' }}
	type=ref,event=pr
	labels: \|
	io.artifacthub.package.readme-url=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md
	org.opencontainers.image.created=${{ steps.date.outputs.date }}
	org.opencontainers.image.description=${{ env.IMAGE_DESC }}
	org.opencontainers.image.documentation=https://raw.githubusercontent.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/${{ github.sha }}/README.md
	org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/blob/${{ github.sha }}/Containerfile
	org.opencontainers.image.title=${{ env.IMAGE_NAME }}
	org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }}
	org.opencontainers.image.vendor=${{ github.repository_owner }}
	org.opencontainers.image.version=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD'}}
	io.artifacthub.package.deprecated=false
	io.artifacthub.package.keywords=${{ env.IMAGE_KEYWORDS }}
	io.artifacthub.package.license=Apache-2.0
	io.artifacthub.package.logo-url=${{ env.IMAGE_LOGO_URL }}
	io.artifacthub.package.prerelease=false
	containers.bootc=1
	sep-tags: " "
	sep-annotations: " "

	- name: Mount BTRFS for podman storage
	id: container-storage-action
	uses: ublue-os/container-storage-action@911baca08baf30c8654933e9e9723cb399892140
	with:
	mount-opts: noatime,compress-force=zstd:2

	- name: Mount BTRFS for /var/tmp
	id: var-tmp-action
	uses: ublue-os/container-storage-action@911baca08baf30c8654933e9e9723cb399892140
	with:
	mount-opts: noatime,compress-force=zstd:2
	target-dir: /var/tmp

	# - name: Build Image
	# id: build_image
	# uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
	# with:
	# containerfiles: ./Containerfile
	# image: ${{ env.IMAGE_NAME }}
	# tags: ${{ steps.metadata.outputs.tags }}
	# labels: ${{ steps.metadata.outputs.labels }}
	# oci: true
	#
	- name: Build Image
	id: build_image
	env:
	META_LABELS: ${{ steps.metadata.outputs.labels }}
	META_TAGS: ${{ steps.metadata.outputs.tags }}
	run: \|
	set -x
	BUILD_ARGS=("--squash-all")

	# get tags from metadata action
	for tag in $META_TAGS; do
	BUILD_ARGS+=("--tag" "$IMAGE_NAME:$tag")
	done

	# get labels from metadata action
	while IFS= read -r label; do
	if [[ -n "$label" ]]; then
	BUILD_ARGS+=("--label" "$label")
	fi
	done <<< "$META_LABELS"

	podman build "${BUILD_ARGS[@]}" .

	- name: Login to GitHub Container Registry
	uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
	if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Push To GHCR
	uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
	if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
	id: push
	env:
	REGISTRY_USER: ${{ github.actor }}
	REGISTRY_PASSWORD: ${{ github.token }}
	with:
	registry: ${{ env.IMAGE_REGISTRY }}
	image: ${{ env.IMAGE_NAME }}
	tags: ${{ steps.metadata.outputs.tags }}
	username: ${{ env.REGISTRY_USER }}
	password: ${{ env.REGISTRY_PASSWORD }}

	- name: Install Cosign
	uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
	if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)

	- name: Sign container image
	if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
	run: \|
	IMAGE_FULL="${{ env.IMAGE_REGISTRY }}/${{ env.IMAGE_NAME }}"
	for tag in ${{ steps.metadata.outputs.tags }}; do
	cosign sign -y --key env://COSIGN_PRIVATE_KEY $IMAGE_FULL:$tag
	done
	env:
	TAGS: ${{ steps.push.outputs.digest }}
	COSIGN_EXPERIMENTAL: false
	COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build container image #220

Workflow file

Build container image #220

Uh oh!

Workflow file for this run