env cannot reference env #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Release | |
| on: | |
| push: | |
| tags: | |
| - "v[0-9]+.[0-9]+.[0-9]+" | |
| env: | |
| REGISTRY: ghcr.io | |
| ORG_NAME: ${{ github.repository_owner }} | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| release: | |
| name: Release | |
| strategy: | |
| matrix: | |
| os: ["ubuntu-24.04", "ubuntu-24.04-arm"] | |
| runs-on: ${{ matrix.os }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nixbuild/nix-quick-install-action@v30 | |
| with: | |
| nix_conf: ${{ env.nix_conf }} | |
| - name: Restore and save Nix store | |
| uses: nix-community/cache-nix-action@v6 | |
| with: | |
| primary-key: build-${{ runner.os }}-${{ hashFiles('Cargo.lock', '**/Cargo.toml', 'flake.nix', 'flake.lock', 'rust-toolchain.toml') }} | |
| # We don't want to affect the cache when building the container | |
| purge: false | |
| save: false | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Container | |
| run: nix run .#streamImage | docker image load | |
| - name: Tag the Container | |
| env: | |
| FQDN: ${{ env.REGISTRY }}/${{ env.ORG_NAME }}/${{ env.IMAGE_NAME }} | |
| run: docker tag "${{ env.IMAGE_NAME }}:latest" "${{ env.FQDN }}:latest" "${{ env.FQDN }}:${{ github.ref_name }}:${{ github.ref_name }}" | |
| - name: Push the Container | |
| env: | |
| FQDN: ${{ env.REGISTRY }}/${{ env.ORG_NAME }}/${{ env.IMAGE_NAME }} | |
| run: docker push "${{ env.FQDN }}:latest" "${{ env.FQDN }}:${{ github.ref_name }}" | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v2 | |
| env: | |
| FQDN: ${{ env.REGISTRY }}/${{ env.ORG_NAME }}/${{ env.IMAGE_NAME }} | |
| with: | |
| subject-name: ${{ env.FQDN }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true |