ci: sign images #13

Workflow file for this run

.github/workflows/build-docker.yaml at 25f8acb

	name: Build docker
	on:
	workflow_dispatch:
	push:
	branches:
	- master
	paths:
	- dockerfiles/**
	- .github/workflows/build-docker.yaml
	pull_request:
	paths:
	- dockerfiles/**
	- .github/workflows/build-docker.yaml
	jobs:
	build-and-push:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3
	with:
	platforms: linux/amd64,linux/arm64
	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v3
	- name: Set up cosign
	uses: sigstore/cosign-installer@v3
	if: ${{ github.event_name != 'pull_request' }}
	- name: login to Docker Hub
	if: ${{ github.event_name != 'pull_request' }}
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_PASSWORD }}
	- name: login to quay.io
	if: ${{ github.event_name != 'pull_request' }}
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAYIO_USERNAME }}
	password: ${{ secrets.QUAYIO_PASSWORD }}
	- name: Login to GitHub Container Registry
	if: ${{ github.event_name == 'pull_request' }}
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Build and push
	uses: docker/bake-action@v5
	id: bake
	with:
	builder: ${{ steps.buildx.outputs.name }}
	workdir: dockerfiles
	provenance: true
	sbom: true
	push: true
	targets: ktls-utils
	env:
	GIT_COMMIT: ${{ github.sha }}
	CACHE: true
	REGISTRIES: ghcr.io/piraeusdatastore
	- name: Sign images
	run: \|
	jq '.[] \| ."containerimage.digest" as $DIGEST \| ."image.name" \| split(",")[] \| "\(.)@\($DIGEST)"' -r <<<'${{ steps.bake.outputs.metadata }}' \
	\| xargs echo cosign sign --yes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci: sign images #13

Workflow file

ci: sign images #13

Jobs

Run details

Workflow file for this run