Skip to content

Commit

Permalink
feat: switch to docker/build-push-action
Browse files Browse the repository at this point in the history 
Custom build-push step did not provide OIDC
token.  Switching to standard GitHub Action.
Also added Checkout, Qemu, and Buildx to
accomodate multiple platforms.

Signed-off-by: Arthur Savage <[email protected]>
  • Loading branch information
@arthurus-rex
arthurus-rex committed Jul 29, 2024
1 parent e1ebe27 commit 5a0fe38
Showing 1 changed file with 21 additions and 10 deletions.
31 changes: 21 additions & 10 deletions .github/workflows/image.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,33 +7,44 @@ jobs:
contents: read
packages: write
id-token: write

steps:
- name: checkout
uses: actions/[email protected]

- name: qemu-setup
uses: docker/setup-qemu-action@v3

- name: docker-buildx
uses: docker/setup-buildx-action@v3

- name: login-quay
uses: docker/login-action@v3
with:
registry: quay.io/rh-ee-asavage
username: ${{ secrets.USERNAME }}
password: ${{ secrets.PASSWORD }}

- name: install-cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v2.2.4'

- name: check-cosign-install
run: cosign version

- name: checkout
uses: actions/[email protected]
with:
fetch-depth: 0
- name: build-push
run: |
echo "Test message build-push"
cat > ./Dockerfile <<EOF
FROM alpine
CMD ["echo", "Hello container!"]
EOF
docker build -t quay.io/rh-ee-asavage/gha-image-test:latest .
docker push quay.io/rh-ee-asavage/gha-image-test:latest
echo "Success build-sign-push"

- name: build-push-action
id: build-push-image
uses: docker/build-push-action@v3
with:
push: true
tags: quay.io/rh-ee-asavage/gha-image-test:latest

- name: sign-image
run: |
cosign sign -y quay.io/rh-ee-asavage/gha-image-test:latest${{ steps.build-push.outputs.digest }}

0 comments on commit 5a0fe38

Please sign in to comment.