guid.foo
Webhook-to-SSE gateway with hierarchical topic routing and signature verification
Add ko image build + push to ATCR in CI
After tests pass, the CI pipeline now builds an OCI image with ko and
pushes it to atcr.io/guid.foo/wicket. Tags each image as :latest and
with a timestamp+sha tag (e.g. 20260304201500-abc1234) so FluxCD's
image automation can pick up new builds in order.
Uses chainguard/static as the base image via .ko.yaml — same idea as
our scratch Dockerfile but with tzdata and CA certs baked in.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+11
+1
.ko.yaml
+1
.ko.yaml
···
1
+
defaultBaseImage: cgr.dev/chainguard/static:latest
+10
.tangled/workflows/ci.yml
+10
.tangled/workflows/ci.yml
···
12
12
- gnugrep
13
13
- gawk
14
14
- coreutils
15
+
- docker
15
16
16
17
steps:
17
18
- name: "Test with coverage"
···
19
20
CGO_ENABLED: "0"
20
21
command: |
21
22
./check-coverage
23
+
24
+
- name: "Build and push image"
25
+
environment:
26
+
CGO_ENABLED: "0"
27
+
KO_DOCKER_REPO: "atcr.io/guid.foo/wicket"
28
+
command: |
29
+
go install github.com/google/ko@latest
30
+
echo "${ATCR_APP_PASSWORD}" | docker login atcr.io -u guid.foo --password-stdin
31
+
ko build --bare --tags "latest,$(date -u +%Y%m%d%H%M%S)-$(git rev-parse --short HEAD)" .