Merge pull request #226 from GeoWerkstatt/build-attestations

Add inputs for (SBOM) attestations
GeoWerkstatt · Nov 8, 2024 · 2872265 · 2872265
2 parents 9f25c93 + 39a5a5e
commit 2872265
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 109 deletions.
diff --git a/.github/workflows/beta.yml b/.github/workflows/beta.yml
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
@@ -35,8 +35,11 @@ jobs:
             org.opencontainers.image.created=${{ env.COMMITED_AT }}
             org.opencontainers.image.version=v${{ env.VERSION }}
             org.opencontainers.image.maintainer=GeoWerkstatt GmbH <[email protected]>
+          flavor: |
+            latest=false
           tags: |
             type=edge
+            type=semver,pattern=v{{version}},value=${{ env.VERSION }}
 
       - name: Log in to the GitHub container registry
         uses: docker/login-action@v3
@@ -55,8 +58,8 @@ jobs:
             REVISION=${{ env.REVISION }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:edge
-          cache-to: type=inline
+          sbom: true
+          provenance: mode=max
 
       - name: Create GitHub pre-release
         run: |

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -17,51 +17,25 @@ env:
 jobs:
   retag-docker-image:
     runs-on: ubuntu-latest
-    name: Push updated Docker image
+    name: Retag Docker image as latest
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
       - name: Set environment variables
         run: |
           echo VERSION=${TAG_NAME#v} >> $GITHUB_ENV
           echo IMAGE_NAME=$REGISTRY/$(echo ${GITHUB_REPOSITORY,,}) >> $GITHUB_ENV
-          echo COMMITED_AT=$(git show -s --format=%cI `git rev-parse HEAD`) >> $GITHUB_ENV
-          echo REVISION=$(git rev-parse --short HEAD) >> $GITHUB_ENV
-
-      - name: Collect Docker image metadata
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.IMAGE_NAME }}
-          labels: |
-            org.opencontainers.image.created=${{ env.COMMITED_AT }}
-            org.opencontainers.image.version=v${{ env.VERSION }}
-            org.opencontainers.image.maintainer=GeoWerkstatt GmbH <[email protected]>
-          tags: |
-            type=semver,pattern=v{{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
-            type=semver,pattern=v{{version}}
 
       - name: Log in to the GitHub container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.repository_owner  }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ github.repository_owner }} --password-stdin
+
+      - name: Pull docker image
+        run: docker pull ${{ env.IMAGE_NAME }}:v${{ env.VERSION }}
+
+      - name: Tag docker image
+        run: docker tag ${{ env.IMAGE_NAME }}:v${{ env.VERSION }} ${{ env.IMAGE_NAME }}:latest
 
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          build-args: |
-            VERSION=${{ env.VERSION }}
-            REVISION=${{ env.REVISION }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.IMAGE_NAME }}:edge
-          cache-to: type=inline
+      - name: Push docker image
+        run: docker push ${{ env.IMAGE_NAME }}:latest
 
   patch-changelog:
     runs-on: ubuntu-latest

diff --git a/README.md b/README.md
@@ -42,12 +42,6 @@ services:
     #   - image: ghcr.io/geowerkstatt/interlis-check-service:v3.2.1
     #     Stable tag for a specific version
     #
-    #   - image: ghcr.io/geowerkstatt/interlis-check-service:v3-beta
-    #     Reflects the last commit on branches matching 'releases/beta/**'
-    #     May be used to preview upcoming releases
-    #     Contains breaking changes and incompatibilities
-    #     NOT RECOMMENDED!
-    #
     #   - image: ghcr.io/geowerkstatt/interlis-check-service:latest
     #     Points to the latest stable tag, no matter what the current major version is
     #     May contain breaking changes and incompatibilities

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,12 +7,6 @@ services:
     #   - image: ghcr.io/geowerkstatt/interlis-check-service:v3.2.1
     #     Stable tag for a specific version
     #
-    #   - image: ghcr.io/geowerkstatt/interlis-check-service:v3-beta
-    #     Reflects the last commit on branches matching 'releases/beta/**'
-    #     May be used to preview upcoming releases
-    #     Contains breaking changes and incompatibilities
-    #     NOT RECOMMENDED!
-    #
     #   - image: ghcr.io/geowerkstatt/interlis-check-service:latest
     #     Points to the latest stable tag, no matter what the current major version is
     #     May contain breaking changes and incompatibilities