Skip to content

Module Distribution with GitHub Actions

Timoni can be used in GitHub workflows to perform actions such as build, test and push modules to container registries.

Usage

To run Timoni commands on GitHub Linux runners, add the following steps to your GitHub workflow:

steps:
  - name: Setup Timoni
    uses: stefanprodan/timoni/actions/setup@main
    with:
      version: latest # latest or exact version e.g. 0.13.0
  - name: Run Timoni
    run: timoni version

Examples

Push to GitHub Container Registry

Example workflow for linting, testing and pushing a module to GitHub Container Registry:

name: Release module
on:
  push:
    tags: ['*'] # semver format

permissions:
  contents: read # needed for checkout
  packages: write # needed for GHCR access

jobs:
  push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Timoni
        uses: stefanprodan/timoni/actions/setup@main
      - name: Vet module
        run: |
          timoni mod vet ./modules/my-module
      - name: Push module
        run: |
          timoni mod push ./my-module \
            oci://ghcr.io/${{ github.repository_owner }}/my-module \
            --version ${{ github.ref_name }} \
            --creds ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}  
            --latest \
            -a 'org.opencontainers.image.licenses=Apache-2.0' \
            -a 'org.opencontainers.image.source=https://github.com/${{ github.repository }}' \
            -a 'org.opencontainers.image.description=My Timoni module.' 

Push and sign with Cosign Keyless

Example workflow for pushing and signing the module using Cosign and GitHub OIDC:

name: Release and sign module
on:
  push:
    tag: ['*'] # semver format

permissions:
  contents: read # needed for checkout
  packages: write # needed for GHCR access
  id-token: write # needed for signing

jobs:
  push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Cosign
        uses: sigstore/cosign-installer@main
      - name: Setup Timoni
        uses: stefanprodan/timoni/actions/setup@main
      - name: Login to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Vet module
        run: |
          timoni mod vet ./my-module
      - name: Push and Sign
        run: |
          timoni mod push ./my-module \
            oci://ghcr.io/${{ github.repository_owner }}/my-module \
            --version ${{ github.ref_name }} \
            --latest \
            -a 'org.opencontainers.image.licenses=Apache-2.0' \
            -a 'org.opencontainers.image.source=https://github.com/${{ github.repository }}' \
            -a 'org.opencontainers.image.description=My Timoni module.' \
            --sign=cosign

Push to Docker Hub

Example workflow for using docker login to authenticate to Docker Hub:

name: Release module
on:
  push:
    tag: ['*'] # semver format

permissions:
  contents: read # needed for checkout

jobs:
  push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Timoni
        uses: stefanprodan/timoni/actions/setup@main
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: docker.io
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Vet module
        run: |
          timoni mod vet ./my-module
      - name: Push
        run: |
          timoni mod push ./my-module \
            oci://docker.io/my-org/my-module \
            --version ${{ github.ref_name }}
            --latest \
            -a 'org.opencontainers.image.licenses=Apache-2.0' \
            -a 'org.opencontainers.image.source=https://github.com/${{ github.repository }}' \
            -a 'org.opencontainers.image.description=My Timoni module.' 
      - name: Pull
        run: |
          mkdir -p /tmp/my-module
          timoni mod pull oci://docker.io/my-org/my-module \
            --version ${{ github.ref_name }} \
            --output /tmp/my-module

Note that docker/login-action can be used to authenticate to any private registry including ACR, ECR, GCR.