Skip to content

[do-not-merge] Trace grpc metadata #3297

[do-not-merge] Trace grpc metadata

[do-not-merge] Trace grpc metadata #3297

Workflow file for this run

---
name: Create OCI image
on:
pull_request:
branches:
- main
paths-ignore:
- 'docs/**'
push:
branches:
- main
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
publish-image:
strategy:
fail-fast: false
matrix:
image: [image, nativelink-worker-init, nativelink-worker-lre-cc]
name: Publish ${{ matrix.image }}
runs-on: ubuntu-22.04
permissions:
packages: write
id-token: write
security-events: write
timeout-minutes: 30
steps:
- name: Checkout
uses: >- # v4.1.1
actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- name: Install Nix
uses: >- # v10
DeterminateSystems/nix-installer-action@de22e16c4711fca50c816cc9081563429d1cf563
- name: Cache Nix derivations
uses: >- # v4
DeterminateSystems/magic-nix-cache-action@fc6aaceb40b9845a02b91e059ec147e78d1b4e41
- name: Test image
run: |
nix run .#local-image-test ${{ matrix.image }}
- name: Upload image
run: |
nix run .#publish-ghcr ${{ matrix.image }}
env:
GHCR_REGISTRY: ghcr.io/${{ github.repository_owner }}
GHCR_USERNAME: ${{ github.actor }}
GHCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
if: github.ref == 'refs/heads/main'
- name: Upload trivy scan results to GitHub Security tab
uses: >- # v2.16.3
github/codeql-action/upload-sarif@592977e6ae857384aa79bb31e7a1d62d63449ec5
with:
sarif_file: 'trivy-results.sarif'
if: github.ref == 'refs/heads/main'