name: Rebuild on: workflow_dispatch: inputs: ref: description: 'ref to rebuild, can be a tag, branch or commit sha.' required: true default: 'v0.6.1' permissions: contents: read jobs: checkout: name: Checkout repo runs-on: ubuntu-latest outputs: timestamp: ${{ steps.timestamp.outputs.timestamp }} steps: - name: Checkout uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} - name: set timestamp output id: timestamp run: | echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT # this rebuilds the image and creates a new tag with a timestamp suffix # e.g. v0.6.1-1669145271 and v0.6.1-ubi-1669145271 publish-artifacts: uses: ./.github/workflows/publish.yml needs: checkout permissions: id-token: write contents: read strategy: matrix: include: - dockerfile: "Dockerfile" build-args: "CGO_ENABLED=0" build-arch: "amd64 arm64" build-platform: "linux/amd64,linux/arm64" tag-suffix: "-${{ needs.checkout.outputs.timestamp }}" # distroless - dockerfile: "Dockerfile.ubi" build-args: "CGO_ENABLED=0" build-arch: "amd64 arm64" build-platform: "linux/amd64,linux/arm64" tag-suffix: "-ubi-${{ needs.checkout.outputs.timestamp }}" # ubi - dockerfile: "Dockerfile.ubi" build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto" # fips build-arch: "amd64" build-platform: "linux/amd64" tag-suffix: "-ubi-boringssl-${{ needs.checkout.outputs.timestamp }}" with: dockerfile: ${{ matrix.dockerfile }} tag-suffix: ${{ matrix.tag-suffix }} image-name: ghcr.io/${{ github.repository }} build-platform: ${{ matrix.build-platform }} build-args: ${{ matrix.build-args }} build-arch: ${{ matrix.build-arch }} ref: ${{ github.event.inputs.ref }} image-tag: ${{ github.event.inputs.ref }} secrets: GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }} GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}