feat: pin server image to digest at deploy time

Christopher Mühl 2026-02-18 13:23:18 +01:00
parent 5b2c68c4ef
commit bc2885c5c7
No known key found for this signature in database
GPG key ID: 925AC7D69955293F


@ -49,7 +49,7 @@ runs:
steps: steps:
- name: Install tools - name: Install tools
shell: bash shell: bash
run: NIXPKGS_ALLOW_UNFREE=1 nix profile install --impure nixpkgs#nomad nixpkgs#awscli2 run: NIXPKGS_ALLOW_UNFREE=1 nix profile install --impure nixpkgs#nomad nixpkgs#awscli2 nixpkgs#skopeo
- name: Build site - name: Build site
shell: bash shell: bash
@ -77,6 +77,14 @@ runs:
/tmp/site.tar.gz \ /tmp/site.tar.gz \
"s3://${{ inputs.s3-bucket }}/sites/${{ inputs.domain }}/${SITE_HASH}.tar.gz" "s3://${{ inputs.s3-bucket }}/sites/${{ inputs.domain }}/${SITE_HASH}.tar.gz"
- name: Resolve server image digest
shell: bash
run: |
DIGEST=$(skopeo inspect --format '{{.Digest}}' "docker://${{ inputs.server-image }}")
IMAGE_REPO="${{ inputs.server-image }}"
IMAGE_REPO="${IMAGE_REPO%%:*}"
echo "SERVER_IMAGE_PINNED=${IMAGE_REPO}@${DIGEST}" >> $GITHUB_ENV
- name: Deploy Nomad job - name: Deploy Nomad job
shell: bash shell: bash
run: | run: |
@ -88,7 +96,7 @@ runs:
NOMAD_ADDR: ${{ inputs.nomad-addr }} NOMAD_ADDR: ${{ inputs.nomad-addr }}
DOMAIN: ${{ inputs.domain }} DOMAIN: ${{ inputs.domain }}
SITE_HASH: ${{ env.SITE_HASH }} SITE_HASH: ${{ env.SITE_HASH }}
SERVER_IMAGE: ${{ inputs.server-image }} SERVER_IMAGE: ${{ env.SERVER_IMAGE_PINNED }}
DATACENTER: ${{ inputs.datacenter }} DATACENTER: ${{ inputs.datacenter }}
S3_BUCKET: ${{ inputs.s3-bucket }} S3_BUCKET: ${{ inputs.s3-bucket }}
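Review bot: In the new "Resolve server image digest" step, `IMAGE_REPO="${IMAGE_REPO%%:*}"` cuts at the first colon, so a reference with a registry port (constructed example: `registry.example:5000/app:1.2`) is reduced to the host alone. An input that already carries a digest would come out as `repo@sha256@sha256:…`. The step also expands `${{ inputs.server-image }}` straight into the script text, whereas the deploy step passes inputs through `env:`; going through an environment variable keeps the value out of the shell source. Whether a failed `skopeo inspect` aborts the step depends on how the runner starts bash, so I would check that `DIGEST` is non-empty before writing `SERVER_IMAGE_PINNED`, and quote `"$GITHUB_ENV"`. Pinning at deploy time still trusts whatever the tag points to at that moment; recording the resolved digest in the job log would make that auditable.

```yaml
- name: Resolve server image digest
  shell: bash
  env:
    SERVER_IMAGE: ${{ inputs.server-image }}
  run: |
    DIGEST=$(skopeo inspect --format '{{.Digest}}' "docker://${SERVER_IMAGE}")
    if [ -z "$DIGEST" ]; then
      echo "could not resolve a digest for ${SERVER_IMAGE}" >&2
      exit 1
    fi
    # Drop an existing digest, then a tag only if it sits in the last path component.
    IMAGE_REPO="${SERVER_IMAGE%%@*}"
    case "${IMAGE_REPO##*/}" in
      *:*) IMAGE_REPO="${IMAGE_REPO%:*}" ;;
    esac
    echo "Pinned ${SERVER_IMAGE} to ${IMAGE_REPO}@${DIGEST}"
    echo "SERVER_IMAGE_PINNED=${IMAGE_REPO}@${DIGEST}" >> "$GITHUB_ENV"
```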