ci: GHA→ghcr build for infra-ci (ADR-0002 #30, bootstrap-safe — woodpecker build kept until proven)
All checks were successful
ci/woodpecker/push/default Pipeline was successful
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
eb8b550521
commit
23fc2bf2ec
1 changed files with 37 additions and 0 deletions
37
.github/workflows/build-infra-ci.yml
vendored
Normal file
37
.github/workflows/build-infra-ci.yml
vendored
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
name: Build infra-ci
|
||||
|
||||
# ADR-0002: the infra CI toolbox image (terraform/terragrunt/sops/kubectl/vault)
|
||||
# built off-infra on GHA → ghcr (public). BOOTSTRAP-CRITICAL: .woodpecker/default.yml's
|
||||
# apply step runs in this image. The Woodpecker build-ci-image.yml is kept until a
|
||||
# ghcr-based apply is proven, then removed.
|
||||
on:
|
||||
push:
|
||||
branches: [master]
|
||||
paths:
|
||||
- 'ci/Dockerfile'
|
||||
workflow_dispatch: {}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: docker/setup-buildx-action@v3
|
||||
- uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
- uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: ci
|
||||
platforms: linux/amd64
|
||||
provenance: false
|
||||
push: true
|
||||
tags: |
|
||||
ghcr.io/viktorbarzin/infra-ci:latest
|
||||
ghcr.io/viktorbarzin/infra-ci:${{ github.sha }}
|
||||
Loading…
Add table
Add a link
Reference in a new issue