ci: GHA→ghcr build for infra-ci (ADR-0002 #30, bootstrap-safe — woodpecker build kept until proven)
All checks were successful
ci/woodpecker/push/default Pipeline was successful
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
eb8b550521
commit
23fc2bf2ec
1 changed files with 37 additions and 0 deletions
37
.github/workflows/build-infra-ci.yml
vendored
Normal file
37
.github/workflows/build-infra-ci.yml
vendored
Normal file
|
|
@ -0,0 +1,37 @@
|
||||||
|
name: Build infra-ci
|
||||||
|
|
||||||
|
# ADR-0002: the infra CI toolbox image (terraform/terragrunt/sops/kubectl/vault)
|
||||||
|
# built off-infra on GHA → ghcr (public). BOOTSTRAP-CRITICAL: .woodpecker/default.yml's
|
||||||
|
# apply step runs in this image. The Woodpecker build-ci-image.yml is kept until a
|
||||||
|
# ghcr-based apply is proven, then removed.
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [master]
|
||||||
|
paths:
|
||||||
|
- 'ci/Dockerfile'
|
||||||
|
workflow_dispatch: {}
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
packages: write
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
- uses: docker/setup-buildx-action@v3
|
||||||
|
- uses: docker/login-action@v3
|
||||||
|
with:
|
||||||
|
registry: ghcr.io
|
||||||
|
username: ${{ github.actor }}
|
||||||
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
- uses: docker/build-push-action@v6
|
||||||
|
with:
|
||||||
|
context: ci
|
||||||
|
platforms: linux/amd64
|
||||||
|
provenance: false
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
ghcr.io/viktorbarzin/infra-ci:latest
|
||||||
|
ghcr.io/viktorbarzin/infra-ci:${{ github.sha }}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue