Skip to content
Build and publish images for container registries

Build and publish images for container registries #3

Sign in to view logs

Build and publish images for container registries

Build and publish images for container registries #3

Workflow file for this run

.github/workflows/publish.yml at 53cd0c7
name: Build and publish images for container registries
on:
workflow_run:
workflows: [release]
types:
- completed
jobs:
build:
name: Build images
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write # needed for signing the images with GitHub OIDC Token
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Install Cosign
uses: sigstore/[email protected]
# https://github.com/docker/setup-qemu-action
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/[email protected]
with:
driver-opts: image=moby/buildkit:master
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build images
id: build-and-push
env:
GIT_TAG: ${{ github.ref }}
uses: docker/[email protected]
with:
files: |
./docker-bake.hcl
targets: default
push: false
provenance: true
sbom: true
- name: Run container
run: |
echo "Starting container"
docker run --pull "never" -d --name albedo-test "${REPO}:0"
docker logs albedo-test
- name: Verify container
run: |
[ $(docker inspect albedo-test --format='{{.State.Running}}') = 'true' ]
- name: Sign the images with GitHub OIDC Token
env:
METADATA: ${{ steps.build-and-push.outputs.metadata }}
run: |
DIGEST=$(echo ${METADATA} | jq -r '.[] | ."containerimage.digest"')
TAGS=$(echo ${METADATA} | jq -r '.[] | ."image.name" | tostring' | tr ',' '\n')
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}