diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml
index 2051d55..297c091 100644
--- a/.github/workflows/publish-container.yml
+++ b/.github/workflows/publish-container.yml
@@ -13,6 +13,7 @@ on:
 env:
 REGISTRY: ghcr.io
+ USER: alwatr
 jobs:
 build:
@@ -64,9 +65,6 @@ jobs:
 permissions:
 contents: read
 packages: write
- # actions: write
- # This is used to complete the identity challenge
- # with sigstore/fulcio when running outside of PRs.
 id-token: write
 steps:
@@ -81,33 +79,6 @@ jobs:
 container_folder: ./${{ matrix.path }}/*
- # - name: ❔ Stop if files not changed
- # if: ${{ steps.file_change.outputs.container_folder != 'true' }}
- # run: |
- # gh run cancel ${{ github.run_id }}
- # gh run watch ${{ github.run_id }}
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: 🏗 Extract Docker metadata
- id: meta
- if: ${{ steps.file_change.outputs.container_folder == 'true' }}
- uses: docker/metadata-action@v5.0.0
- with:
- github-token: ${{secrets.GITHUB_TOKEN}}
- images: name=${{env.REGISTRY}}/${{github.repository_owner}}/${{matrix.name}}
- tags: |
- type=raw,value=${{matrix.version.short}}
- type=raw,value=${{matrix.version.full}}
- labels: |
- org.opencontainers.image.title="alwatr/${{matrix.name}}"
- org.opencontainers.image.authors="S. Ali Mihandoost (https://ali.mihandoost.com), S. Amir Mohammad Najafi (https://njfamirm.ir/)"
- org.opencontainers.image.source="https://github.com/Alwatr/containers/tree/main/${{matrix.name}}"
- org.opencontainers.image.licenses="MIT"
- org.opencontainers.image.url="https://github.com/Alwatr/containers/tree/main/${{matrix.name}}"
- org.opencontainers.image.documentation="https://github.com/Alwatr/containers/tree/main/${{matrix.name}}"
- org.opencontainers.image.vendor="Alwatr"
-
 - name: 🏗 Install cosign
 if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
 uses: sigstore/cosign-installer@v3.1.2
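Review bot: The variable added in the first hunk of `.github/workflows/publish-container.yml` is named `USER`, which is also the login-name variable that shells and many tools read, and a workflow-level `env` entry is exported into every `run` step of every job. A neutral name such as `IMAGE_NAMESPACE: alwatr` avoids overriding it. Hard-coding the namespace instead of `github.repository_owner` also means a fork running this workflow would try to push and sign under `ghcr.io/alwatr`; if the reason is that the registry path must be lowercase, a comment such as `# GHCR namespace, must be lowercase` above the entry would record that.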
@@ -138,16 +109,19 @@ jobs:
 with:
 context: ./${{matrix.path}}
 push: ${{github.event_name != 'pull_request'}}
- tags: ${{steps.meta.outputs.tags}}
- labels: ${{steps.meta.outputs.labels}}
+ tags: |
+ ${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{matrix.version.short}}
+ ${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{matrix.version.full}}
 cache-from: type=local,src=/tmp/.buildx-cache
 cache-to: type=local,dest=/tmp/.buildx-cache
- # cache-from: type=gha
- # cache-to: type=gha,mode=max
+ build-args: |
+ BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+ BUILD_REV=$(git rev-parse HEAD)
- # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
 - name: 🏗 Sign the image with GitHub OIDC Token
 if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
 env:
 COSIGN_EXPERIMENTAL: 'true'
- run: echo "${{steps.meta.outputs.tags}}" | xargs -I {} cosign sign --yes {}@${{steps.build_and_push.outputs.digest}}
+ run: |
+ cosign sign --yes "${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{matrix.version.short}}@${{steps.build_and_push.outputs.digest}}"
+ cosign sign --yes "${{env.REGISTRY}}/${{env.USER}}/${{matrix.name}}:${{matrix.version.full}}@${{steps.build_and_push.outputs.digest}}"
diff --git a/alpine/Dockerfile b/alpine/Dockerfile
index 2666692..1fc5bae 100644
--- a/alpine/Dockerfile
+++ b/alpine/Dockerfile
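Review bot: In the build step of `.github/workflows/publish-container.yml`, the new `build-args` values `BUILD_DATE=$(date -u ...)` and `BUILD_REV=$(git rev-parse HEAD)` are action inputs rather than shell, so no command substitution runs and the build receives the literal `$(...)` text; the `created` and `revision` labels would then carry that text instead of real provenance data. Compute the timestamp in a preceding `run` step through `$GITHUB_OUTPUT` and take the revision from `${{github.sha}}`, as sketched below. The build step starts outside this hunk, so the new step's position and any `if:` condition have to be matched to it. Separately, the rewritten signing step drops the link to the intermediate-environment-variable guidance while still expanding `${{ }}` expressions inside the script, and because a `name:tag@digest` reference is resolved by digest, both `cosign sign` calls appear to sign the same manifest; a single call with the reference passed through `env:` would likely be enough.

```yaml
      # new step, placed before the build-and-push step
      - name: 🏗 Compute build metadata
        id: build_meta
        run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"

      # … unchanged: build-and-push step header, context, push, tags, cache-from, cache-to …
          build-args: |
            BUILD_DATE=${{steps.build_meta.outputs.date}}
            BUILD_REV=${{github.sha}}
```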
@@ -1,6 +1,21 @@
 FROM docker.io/library/alpine:3.17
-LABEL org.opencontainers.image.description "Minimal Docker image based on Alpine Linux with a complete package index and only 5 MB in size!"
+ARG BUILD_DATE
+ARG BUILD_REV
+LABEL org.opencontainers.image.title="alwatr/alpine" \
+ org.opencontainers.image.description="This is a lightweight Linux image for use in containerized applications. It includes only the necessary packages and dependencies to keep the image size small and efficient, packaged by Alwatr." \
+ org.opencontainers.image.base.name="docker.io/library/alpine:3.17" \
+ org.opencontainers.image.version="3.17" \
+ org.opencontainers.image.ref.name="3.17" \
+ org.opencontainers.image.licenses="MIT" \
+ org.opencontainers.image.created=${BUILD_DATE} \
+ org.opencontainers.image.revision=${BUILD_REV} \
+ org.opencontainers.image.vendor="Alwatr" \
+ org.opencontainers.image.source="https://github.com/Alwatr/containers/tree/main/alpine" \
+ org.opencontainers.image.url="https://github.com/Alwatr/containers/tree/main/alpine" \
+ org.opencontainers.image.documentation="https://github.com/Alwatr/containers/tree/main/alpine" \
+ org.opencontainers.image.authors="S. Ali Mihandoost (https://ali.mihandoost.com), S. Amir Mohammad Najafi (https://njfamirm.ir/)"
+
 ARG APK_TESTING
 RUN set -ex; \
diff --git a/alpine/README.md b/alpine/README.md
index 0e62dbc..dcc6a8a 100644
--- a/alpine/README.md
+++ b/alpine/README.md
@@ -1,6 +1,6 @@
 # Alwatr Alpine Container
-The unofficial docker container image for Alpine Linux packaged by Alwatr. The image is only 5MB and has access to a package repository that is much more featureful than other BusyBox based images.
+This is a lightweight Linux image for use in containerized applications. It includes only the necessary packages and dependencies to keep the image size small and efficient, packaged by Alwatr.
 ## Usage
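Review bot: In `alpine/Dockerfile`, `ARG BUILD_DATE` and the `LABEL` that uses it sit above the `RUN` instruction, so a build date that changes on every run can invalidate the layer cache for everything below it, including the package installation that the workflow's buildx cache is meant to preserve. Moving the two `ARG` lines and the `created`/`revision` labels to the end of the Dockerfile keeps the earlier layers cacheable. The two values are also the only unquoted ones in the `LABEL`; writing `org.opencontainers.image.created="${BUILD_DATE}"` and `org.opencontainers.image.revision="${BUILD_REV}"` keeps a value containing spaces inside one label. Neither argument has a default, so a local build without `--build-arg` yields empty provenance labels, which a short comment above the `ARG` lines could state. The `RUN` instruction continues outside the hunk.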