Skip to content

Set token to explicit content read permissions #3166

Set token to explicit content read permissions

Set token to explicit content read permissions #3166

Workflow file for this run

name: Build
on:
push:
tags:
- v**
pull_request_target:
types:
- opened
- synchronize
- reopened
paths:
- tests/**
- make/**
- Makefile
- .github/**
- pkg/**
- cmd/**
- go.mod
- go.sum
- examples/**
jobs:
permissions:
content: read
detect:
runs-on: ubuntu-latest
outputs:
flavor: ${{ steps.set-matrix.outputs.flavor }}
platform: ${{ steps.set-platform.outputs.platform }}
steps:
- id: set-matrix
run: |
echo "flavor=['green', 'blue', 'orange']" >> $GITHUB_OUTPUT
- id: set-platform
run: |
if [ "${{ startsWith(github.event.ref, 'refs/tags/v') }}" == "true" ]; then
echo "platform='linux/x86_64,linux/arm64'" >> $GITHUB_OUTPUT
else
echo "platform='linux/x86_64'" >> $GITHUB_OUTPUT
fi
build-toolkit:
needs:
- detect
permissions:
packages: write
runs-on: ubuntu-latest
env:
PLATFORM: ${{ needs.detect.outputs.platform }}
TOOLKIT_REPO: ghcr.io/${{github.repository}}/elemental-cli
steps:
- uses: actions/checkout@v4
with:
ref: "${{ github.event.pull_request.head.sha }}"
- run: |
git fetch --prune --unshallow
- name: Log in to ghcr.io
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build toolkit
run: |
make DOCKER_ARGS=--push build
build-matrix:
needs:
- detect
- build-toolkit
strategy:
matrix:
flavor: ${{fromJson(needs.detect.outputs.flavor)}}
fail-fast: false
uses: ./.github/workflows/build_and_test_x86.yaml
with:
flavor: ${{ matrix.flavor }}