
Commit b7ba9c6

jjmerchantesduenas authored and committed
[CI] Update Docker image configuration
Update the configuration of the workflow and update tags of the actions to match the latest version. Update cosign command to use GitHub OIDC token.

Signed-off-by: Jose Javier Merchante <[email protected]>
1 parent 029969c commit b7ba9c6

1 file changed: +18 -12 lines changed


.github/workflows/docker-image.yml

Lines changed: 18 additions & 12 deletions
@@ -15,13 +15,17 @@ jobs:
1515
build-image:
1616
runs-on: ubuntu-latest
1717
environment: docker-release
18+
permissions:
19+
contents: read
20+
id-token: write # needed for signing the images with GitHub OIDC Token
21+
1822
steps:
1923
- name: Install Cosign
20-
uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
24+
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
2125

2226
- name: Docker metadata
2327
id: meta
24-
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
28+
uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
2529
with:
2630
images: |
2731
${{ env.DOCKER_IMAGE_NAME }}
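
Review bot: `id-token: write` in the new `permissions:` block is granted at job level, so every step in `build-image`, including the third-party `docker/*` actions, can request a GitHub OIDC token, while only the signing step needs one. Consider moving the cosign step into its own job that declares `id-token: write` and receives the digest and tags as job outputs, leaving this job with `contents: read` only; that job would still need the DockerHub login so cosign can push the signature. Separately, the `Install Cosign` step has no `with:` inputs, so the cosign version now follows whatever the v3.9.2 installer defaults to; setting `cosign-release` explicitly would keep signing behaviour reproducible across installer bumps.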
@@ -30,33 +34,35 @@ jobs:
3034
type=raw,value=${{ inputs.version }}
3135
3236
- name: Set up QEMU
33-
uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
37+
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
3438
with:
3539
platforms: linux/arm64
3640

3741
- name: Set up Docker Buildx
38-
uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
42+
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
3943

4044
- name: Login to DockerHub
41-
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
45+
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
4246
with:
4347
username: ${{ secrets.DOCKERHUB_USERNAME }}
4448
password: ${{ secrets.DOCKERHUB_TOKEN }}
4549

4650
- name: Build and push
4751
id: build-and-push
48-
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
52+
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
4953
with:
5054
platforms: linux/amd64,linux/arm64
5155
context: "{{defaultContext}}:docker"
5256
push: true
5357
tags: ${{ steps.meta.outputs.tags }}
5458

55-
- name: Sign image with a key
56-
run: |
57-
echo "${TAGS}" | xargs -I {} cosign sign -y -r --key env://COSIGN_PRIVATE_KEY "{}@${DIGEST}"
59+
- name: Sign the images with GitHub OIDC Token
5860
env:
59-
TAGS: ${{ steps.meta.outputs.tags }}
60-
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
61-
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
6261
DIGEST: ${{ steps.build-and-push.outputs.digest }}
62+
TAGS: ${{ steps.meta.outputs.tags }}
63+
run: |
64+
images=""
65+
for tag in ${TAGS}; do
66+
images+="${tag}@${DIGEST} "
67+
done
68+
cosign sign --yes ${images}
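
Review bot: the new `cosign sign --yes ${images}` drops the `-r` flag that the removed `cosign sign -y -r --key ...` line carried, so for this multi-platform build (`linux/amd64,linux/arm64`) only the index digest is signed and the per-platform manifests no longer are. If that is intended, state it in the commit message; otherwise add `--recursive` to the new command. The move from `COSIGN_PRIVATE_KEY` to keyless signing also changes what consumers must verify against (certificate identity and OIDC issuer instead of a public key), and nothing in this change documents the expected values. Minor: `images+=` and the unquoted `${TAGS}` expansion depend on bash and on word splitting, which deserves a one-line comment in the `run:` block.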
