Refactor into a composite action and integrate with generate-build-provenance action

- Refactor the action from a 'node' action to a 'composite' action
- Create and output a sha256 hash of the image manifest
- Update action inputs & outputs
- Integrate with the 'generate-build-provenance' action as part of the composite action
This commit is contained in:
David Daly
2024-01-19 19:00:06 +00:00
committed by Edwin Sirko
parent 997bea009b
commit 1fbd6bde21
5 changed files with 61 additions and 6 deletions
+3 -1
View File
@@ -8,6 +8,8 @@ jobs:
steps:
- name: Checking out!
uses: actions/checkout@v4
- uses: actions/setup-node@v3.6.0
with:
node-version: 16
- name: Publish action package
uses: ./
+20 -2
View File
@@ -27,5 +27,23 @@ outputs:
package-manifest:
description: 'The package manifest of the published package in JSON format'
runs:
using: 'node16'
main: 'dist/index.js'
using: 'composite'
steps:
- run: ls
shell: bash
# - run: node ./dist/index.js
# shell: bash
- uses: ddivad195/publish-action-package/package-and-publish@v0.0.51
id: publish
- name: Output variables
shell: bash
run: |
echo "package manifest": ${{steps.publish.outputs.package-manifest}}
echo "package manifest": ${{steps.publish.outputs.package-url}}
echo "package-manifest=${{steps.publish.outputs.package-manifest}}" >> $GITHUB_OUTPUT
echo "package-url=${{steps.publish.outputs.package-url}}" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
# runs:
# using: node20
# main: dist/index.js
Generated Vendored
+3 -1
View File
@@ -74764,7 +74764,9 @@ async function run() {
}
// Gather & validate user inputs
const token = core.getInput('token');
const registryURL = new URL(core.getInput('registry')); // TODO: Should this be dynamic? Maybe an API endpoint to grab the registry for GHES/proxima purposes.
const registryURL = new URL('https://ghcr.io/'); // TODO: Should this be dynamic? Maybe an API endpoint to grab the registry for GHES/proxima purposes.
console.log(core.getInput('registry'));
console.log(`registryURL: ${registryURL}`);
// Paths to be included in the OCI image
const paths = core.getInput('path').split(' ');
let path = '';
+32
View File
@@ -0,0 +1,32 @@
name: 'Package and Publish'
description: 'Publish actions as OCI artifacts to GHCR'
# TODO: Add your action's branding here. This will appear on the GitHub Marketplace.
branding:
icon: 'heart'
color: 'red'
inputs:
token:
required: true
description: >
GITHUB_TOKEN having the write:package scope to publish an action package to GHCR.
default: ${{ github.token }}
path:
required: false
description: The work directory or path to be tar archived and uploaded as OCI Artifact layer.
default: '.'
registry:
required: false
description: The registry to publish the action package to.
default: https://ghcr.io/ # TODO: this should perhaps be fetched from GitHub API.
outputs:
package-url:
description: 'The name of package published to GHCR along with semver. For example, https://ghcr.io/actions/package-action:1.0.1'
package-manifest:
description: 'The package manifest of the published package in JSON format'
runs:
using: node20
main: ../dist/index.js
+3 -2
View File
@@ -39,8 +39,9 @@ export async function run(): Promise<void> {
// Gather & validate user inputs
const token: string = core.getInput('token')
const registryURL: URL = new URL(core.getInput('registry')) // TODO: Should this be dynamic? Maybe an API endpoint to grab the registry for GHES/proxima purposes.
const registryURL: URL = new URL('https://ghcr.io/') // TODO: Should this be dynamic? Maybe an API endpoint to grab the registry for GHES/proxima purposes.
console.log(core.getInput('registry'))
console.log(`registryURL: ${registryURL}`)
// Paths to be included in the OCI image
const paths: string[] = core.getInput('path').split(' ')
let path = ''