This Action downloads
crane
and adds it to your PATH, with optional signature verification if you use the
SLSA Verifier.
For a quick start guide on the usage of crane, refer to
its documentation.
For available crane releases, refer to
its releases.
This action supports Linux, macOS and Windows runners (results may vary with self-hosted runners).
- name: Install crane
uses: iarekylew00t/crane-installer@v4Note
slsa-verifier must be in your PATH for signature verification or it will
be skipped - See
Automatic verification with SLSA Verifier.
If crane is loaded from cache it will not be re-verified.
| Name | Type | Description | Default |
|---|---|---|---|
crane-release |
String | crane release version to be installed |
latest |
verify |
Boolean | Perform signature verification on crane |
true |
cache |
Boolean | Whether to utilize cache with crane |
true |
token |
String | GitHub token for REST API access | ${{ github.token }} |
| Name | Type | Description |
|---|---|---|
version |
String | The version of crane the was installed |
cache-hit |
Boolean | If crane was installed via cache |
- name: Install crane
uses: iarekylew00t/crane-installer@v4
with:
crane-release: v0.20.2- name: Install crane
uses: iarekylew00t/crane-installer@v4
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}- name: Install crane
uses: iarekylew00t/crane-installer@v4
- name: Login to DockerHub
run: |
echo "${{ secrets.DOCKERHUB_TOKEN }}" | \
crane auth login docker.io \
--user "${{ vars.DOCKERHUB_USERNAME }}" \
--pass-stdin
- name: Login to GHCR
run: |
echo "${{ github.token }}" | \
crane auth login ghcr.io \
--user "${{ github.actor }}" \
--pass-stdin- name: Install SLSA verifier
uses: slsa-framework/slsa-verifier/actions/installer@v2.6.0
- name: Install crane
uses: iarekylew00t/crane-installer@v4Caution
Since this is a TypeScript action you must transpile it into native
JavaScript. This is done for you automatically as part of the npm run all
command and will be validated via the
check-dist.yml
Workflow in any PR.
-
βοΈ Install the version of Node.js as defined in the
.tool-versions.
You can use asdf to help manage your project runtimes.asdf plugin add nodejs https://github.com/asdf-vm/asdf-nodejs.git asdf install
-
π οΈ Install dependencies
npm install
-
ποΈ Format, lint, test, and package your code changes.
npm run all
For maintainers, the following release process should be used when cutting new versions.
-
β¬ Pull down the latest changes and ensure all Workflows are passing.
git checkout main git pull
-
β Bump the package version.
npm version <major|minor|patch> -m "chore: Bumping version to vX.Y.Z"
-
π Create a new Tag, push it up, then create a new Release for the version.
git tag vX.Y.Z git push -u origin vX.Y.Z
Alternatively you can create the Tag on the GitHub Release page itself.
When the tag is pushed it will kick off the Shared Tags Workflows to update the
v$MAJORandv$MAJOR.MINORtags.
Feel free to contribute and make things better by opening an
Issue or
Pull Request.
Thank you for your contribution! β€οΈ
See LICENSE.