Skip to content

Commit 6403f21

Browse files
authored
Add test to the pipeline before pushing the image
1 parent 402f2ff commit 6403f21

File tree

1 file changed

+28
-6
lines changed

1 file changed

+28
-6
lines changed

.github/workflows/build-and-publish.yml

+28-6
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,7 @@ jobs:
8282
8383
# Build and push Docker image with Buildx (don't push on PR)
8484
# https://github.com/docker/build-push-action
85-
- name: Build and push Docker image
85+
- name: Build Docker image
8686
id: build-and-push
8787
uses: docker/build-push-action@v5
8888
with:
@@ -92,22 +92,44 @@ jobs:
9292
PARTMAN_VERSION=${{ matrix.partman_version }}
9393
PARTMAN_CHECKSUM=${{ matrix.partman_checksum }}
9494
platforms: linux/amd64,linux/arm64
95-
push: ${{ github.event_name != 'pull_request' }}
95+
push: false
9696
tags: ${{ steps.meta.outputs.tags }}
9797
labels: ${{ steps.meta.outputs.labels }}
98+
load: true
9899
cache-from: type=gha
99100
cache-to: type=gha,mode=max
100101

102+
- name: Smoke Test - Start and Check Database
103+
run: |
104+
docker run -d --name postgres-test -e POSTGRES_PASSWORD=mysecretpassword ${{env.REGISTRY}}/${{env.IMAGE_NAME}}:${{ matrix.postgres_version }}-${{ matrix.major }}
105+
sleep 10
106+
docker exec postgres-test pg_isready -U postgres
107+
docker stop postgres-test
108+
docker rm postgres-test
101109
110+
- name: Push Docker Image
111+
if: ${{ success() && github.event_name != 'pull_request' }}
112+
uses: docker/build-push-action@v5
113+
with:
114+
context: .
115+
build-args: |
116+
POSTGRESQL_VERSION=${{ matrix.postgres_version }}
117+
PARTMAN_VERSION=${{ matrix.partman_version }}
118+
PARTMAN_CHECKSUM=${{ matrix.partman_checksum }}
119+
platforms: linux/amd64,linux/arm64
120+
push: true
121+
tags: ${{ steps.meta.outputs.tags }}
122+
labels: ${{ steps.meta.outputs.labels }}
123+
cache-from: type=gha
124+
cache-to: type=gha,mode=max
125+
102126
# Sign the resulting Docker image digest except on PRs.
103127
# This will only write to the public Rekor transparency log when the Docker
104128
# repository is public to avoid leaking data. If you would like to publish
105129
# transparency data ev en for private images, pass --force to cosign below.
106130
# https://github.com/sigstore/cosign
107131
- name: Sign the published Docker image
108-
if: ${{ github.event_name != 'pull_request' }}
132+
if: ${{ success() && github.event_name != 'pull_request' }}
109133
env:
110134
COSIGN_EXPERIMENTAL: "true"
111-
# This step uses the identity token to provision an ephemeral certificate
112-
# against the sigstore community Fulcio instance.
113-
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign -y {}@${{ steps.build-and-push.outputs.digest }}
135+
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign -y {}@${{ steps.build.outputs.digest }}

0 commit comments

Comments
 (0)