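---
# Publishes the develop container image once the "Build/Test" workflow has
# completed for the develop branch. It builds and pushes
# ghcr.io/<owner>/opencost:develop-<shorthash>, copies that image to the
# develop-latest tag, then signs it and attests SLSA provenance.
name: Build and Publish Develop

on:
  workflow_run:
    workflows: [Build/Test]
    types: [completed]
    # For workflow_run this filter matches the head branch *name* of the
    # triggering run; it does not by itself establish which repository
    # that branch lives in (see the job-level `if` below).
    branches: [develop]

concurrency:
  group: build-opencost-develop
  # An in-progress publish is never cancelled by a newer run.
  cancel-in-progress: false

# Drop every default GITHUB_TOKEN scope at workflow level; the job below
# grants only what it needs.
permissions: {}

env:
  # Use docker.io for Docker Hub if empty
  # NOTE(review): no step in this file reads REGISTRY; the image tag below
  # hard-codes ghcr.io. The local actions may read it - confirm.
  REGISTRY: ghcr.io

jobs:
  build-and-publish-opencost:
    runs-on: ubuntu-latest
    # This job checks out the triggering run's head_sha and then executes
    # ./.github/actions/* from that checkout while holding packages: write
    # and id-token: write. Requiring the head repository to be this
    # repository keeps commits from forks (whose branch may also be named
    # "develop") from being built, published and signed here.
    # NOTE(review): whether Build/Test runs on pull_request is not visible
    # from this file; the guard is harmless if it does not.
    if: >-
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.head_repository.full_name == github.repository
    permissions:
      contents: read    # checkout
      packages: write   # push images to GHCR
      id-token: write   # presumably OIDC for keyless signing - confirm
    steps:
      # NOTE(review): third-party actions in this job are referenced by
      # mutable tags. Pin each to a full-length commit SHA, e.g.
      # `uses: owner/action@<full-commit-sha>  # vX.Y.Z` (placeholder), so a
      # moved tag cannot change what runs with the permissions above.
      - name: Checkout Repo
        uses: actions/checkout@v6.0.2
        with:
          ref: ${{ github.event.workflow_run.head_sha }}
          # Do not leave the job token in .git/config for later steps.
          # NOTE(review): confirm the local actions run no authenticated
          # git commands; build-container receives its token explicitly.
          persist-credentials: false

      - name: Set SHA
        id: sha
        run: |
          echo "OC_SHORTHASH=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Set OpenCost Image Tags
        id: tags
        env:
          # Context values are passed through env rather than interpolated
          # into the script text, so they are never parsed as shell.
          REPO: ${{ github.repository_owner }}
          SHORTHASH: ${{ steps.sha.outputs.OC_SHORTHASH }}
        run: |
          echo "IMAGE_TAG=ghcr.io/$REPO/opencost:develop-$SHORTHASH" >> "$GITHUB_OUTPUT"

      - name: Build and publish container
        uses: ./.github/actions/build-container
        with:
          actor: ${{ github.actor }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          image_tag: ${{ steps.tags.outputs.IMAGE_TAG }}
          release_version: develop-${{ steps.sha.outputs.OC_SHORTHASH }}

      - name: Install crane
        uses: imjasonh/setup-crane@v0.5

      - name: Tag and push latest image
        env:
          IMAGE_TAG: ${{ steps.tags.outputs.IMAGE_TAG }}
        run: |
          # Extract the repository part (everything before the last colon).
          # ${VAR%:*} removes the shortest ":..." suffix, i.e. only the tag,
          # so a registry host with a port would stay intact.
          REPO="${IMAGE_TAG%:*}"
          # Create the new tag
          NEW_TAG="${REPO}:develop-latest"
          echo "Copying $IMAGE_TAG to ${NEW_TAG}"
          crane copy "$IMAGE_TAG" "${NEW_TAG}"

      # NOTE(review): develop-latest is pushed before this step runs, so the
      # moving tag briefly points at an image that has not been signed yet.
      # Consider whether signing should precede the copy.
      - name: Sign image and attest SLSA provenance
        uses: ./.github/actions/sign-image
        with:
          image: ${{ steps.tags.outputs.IMAGE_TAG }}
          workflow-path: .github/workflows/build-and-publish-develop.yml
          run-started-at: ${{ github.run_started_at }}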