aljaz/gcups
1
0
Fork 0
mirror of https://github.com/aljazceru/gcups.git synced 2025-12-17 05:14:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix[ci]: Make image push and sign properly

Browse Source
This commit is contained in:
Damian Fajfer
2025-02-08 09:06:21 +01:00
committed by GitHub
parent 6e5b31a308
commit 674dd569c6
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/docker-publish.yaml vendored
View File

@@ -2,8 +2,7 @@ name: Publish Docker image
on: on:
push: push:
branches: ["main"] branches: ["main", "fix-ci"]
tags: ["1.1.7"]
pull_request: pull_request:
branches: ["main"] branches: ["main"]
@@ -64,13 +63,17 @@ jobs:
id: build-and-push id: build-and-push
uses: mr-smithers-excellent/docker-build-push@v6 uses: mr-smithers-excellent/docker-build-push@v6
with: with:
image: gcups/fajfer image: gcups
tags: ${{ env.TAG_NAME }} tags: ${{ env.TAG_NAME }}
registry: ${{ env.REGISTRY }} registry: ${{ env.REGISTRY }}
dockerfile: gcups/Dockerfile
directory: gcups directory: gcups
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Save digest
id: digest-saver
run: echo "digest=$(docker manifest inspect ghcr.io/fajfer/gcups:1.1.7 | jq -r '.config.digest')" >> "$GITHUB_OUTPUT"
# Sign the resulting Docker image digest except on PRs. # Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker # This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish # repository is public to avoid leaking data. If you would like to publish
@@ -81,7 +84,7 @@ jobs:
env: env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }} TAGS: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}
DIGEST: ${{ steps.build-and-push.outputs.digest }} DIGEST: ${{ steps.digest-saver.outputs.digest }}
# This step uses the identity token to provision an ephemeral certificate # This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance. # against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}