Skip to content
This repository has been archived by the owner on Mar 26, 2024. It is now read-only.

Commit

Permalink
Fix the image base properly
Browse files Browse the repository at this point in the history 
Run cosign over the right image. This is a UUO-xargs but I don't care.

This is getting ridiculous.
  • Loading branch information
@amrc-benmorrow
amrc-benmorrow committed Feb 1, 2024
1 parent 91bb05e commit fba5cf8
Showing 1 changed file with 13 additions and 14 deletions.
27 changes: 13 additions & 14 deletions .github/workflows/docker-publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ name: Docker publish

env:
REGISTRY: ghcr.io
IMAGE_BASE: ghcr.io/amrc-factoryplus/acs-base

on:
release:
Expand Down Expand Up @@ -46,8 +47,6 @@ jobs:
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/${{ github.repository }}-build

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
Expand All @@ -59,9 +58,9 @@ jobs:
platforms: linux/amd64,linux/arm64
file: ./Dockerfile.js-build
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.REGISTRY }}/acs-base-js-build:${{ steps.meta.outputs.version }}
tags: ${{ env.IMAGE_BASE }}-js-build:${{ steps.meta.outputs.version }}
build-args: |
base=${{ env.REGISTRY }}/acs-base
base=${{ env.IMAGE_BASE }}
version=${{ steps.meta.outputs.version }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
Expand All @@ -78,7 +77,7 @@ jobs:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-js-build.outputs.digest }}
run: echo "${{ env.IMAGE_BASE }}-js-build:${{ steps.meta.outputs.version }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-js-build.outputs.digest }}

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
Expand All @@ -90,9 +89,9 @@ jobs:
platforms: linux/amd64,linux/arm64
file: ./Dockerfile.js-run
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.REGISTRY }}/acs-base-js-run:${{ steps.meta.outputs.version }}
tags: ${{ env.IMAGE_BASE }}-js-run:${{ steps.meta.outputs.version }}
build-args: |
base=${{ env.REGISTRY }}/acs-base
base=${{ env.IMAGE_BASE }}
version=${{ steps.meta.outputs.version }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
Expand All @@ -109,7 +108,7 @@ jobs:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-js-run.outputs.digest }}
run: echo "${{ env.IMAGE_BASE }}-js-run:${{ steps.meta.outputs.version }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-js-run.outputs.digest }}

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
Expand All @@ -121,9 +120,9 @@ jobs:
platforms: linux/amd64,linux/arm64
file: ./Dockerfile.pg-build
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.REGISTRY }}/acs-base-pg-build:${{ steps.meta.outputs.version }}
tags: ${{ env.IMAGE_BASE }}-pg-build:${{ steps.meta.outputs.version }}
build-args: |
base=${{ env.REGISTRY }}/acs-base
base=${{ env.IMAGE_BASE }}
version=${{ steps.meta.outputs.version }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
Expand All @@ -140,7 +139,7 @@ jobs:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-pg-build.outputs.digest }}
run: echo "${{ env.IMAGE_BASE }}-pg-build:${{ steps.meta.outputs.version }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-pg-build.outputs.digest }}

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
Expand All @@ -152,9 +151,9 @@ jobs:
platforms: linux/amd64,linux/arm64
file: ./Dockerfile.pg-run
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ env.REGISTRY }}/acs-base-pg-run:${{ steps.meta.outputs.version }}
tags: ${{ env.IMAGE_BASE }}-pg-run:${{ steps.meta.outputs.version }}
build-args: |
base=${{ env.REGISTRY }}/acs-base
base=${{ env.IMAGE_BASE }}
version=${{ steps.meta.outputs.version }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
Expand All @@ -171,5 +170,5 @@ jobs:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-pg-run.outputs.digest }}
run: echo "${{ env.IMAGE_BASE }}-pg-run:${{ steps.meta.outputs.version }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push-pg-run.outputs.digest }}

0 comments on commit fba5cf8

Please sign in to comment.