From 0a482dcdf38af42b4e3d3bd46d4335394141c583 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Mon, 22 Jul 2024 23:28:44 -0500
Subject: [PATCH] Update docker-build.yml

---
 .github/workflows/docker-build.yml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index a5da76b..a51f471 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -1,4 +1,4 @@
-name: Build, Assess Vulnerability, Push
+name: Build, Assess Vulnerability, Push, Sign Image
 
 on:
   push:
@@ -13,7 +13,7 @@ env:
   IMAGE_NAME: thermostat_api_server
 
 jobs:
-  build_assess_push_amd64:
+  AMD64:
     runs-on: ubuntu-latest
     steps:
 
@@ -59,14 +59,17 @@ jobs:
       - name: Sign the container image
         run: cosign sign --yes ghcr.io/aneisch/${{ env.IMAGE_NAME }}@${{ steps.push-step.outputs.digest }}
 
-  build_multiarch:
+  Multiarch:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1
+
       - name: Cache Docker layers
         uses: actions/cache@v2
         with:
@@ -74,10 +77,12 @@ jobs:
           key: ${{ runner.os }}-buildx-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}-buildx-
+
       - name: Log into Registry
         run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
       - name: Build and push
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@master
         with:
           context: .
           file: ./Dockerfile
@@ -86,3 +91,9 @@ jobs:
           platforms: linux/arm64/v8
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+
+      - name: Sign the container image
+        run: cosign sign --yes ghcr.io/aneisch/${{ env.IMAGE_NAME }}@${{ steps.push-step.outputs.digest }}
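Review bot: `uses: docker/build-push-action@master` in the "Build and push" step swaps a version tag for a mutable branch reference, so each run executes whatever that upstream branch holds at the moment, in a job that has just logged into ghcr.io with `GITHUB_TOKEN`; the same applies to `sigstore/cosign-installer@main` in the last hunk. Pin third-party actions to a full commit SHA with the version recorded in a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # vN.N.N` (placeholder), or at minimum to a release tag, and let Dependabot or Renovate keep the pins current. The context lines `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1` and `actions/cache@v2` are old majors the commit leaves untouched; bumping them in a follow-up would keep the job on supported runtimes.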
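Review bot: The added `run: cosign sign --yes ghcr.io/aneisch/${{ env.IMAGE_NAME }}@${{ steps.push-step.outputs.digest }}` in the Multiarch job references `steps.push-step`, but as far as the previous hunk shows that job's "Build and push" step has no `id: push-step` (the hunk line counts leave no room for one between `uses:` and `with:`), so the expression most likely expands to an empty string and the step fails on a dangling `@` instead of signing the pushed image. Add `id: push-step` under that step's `name:` line; the AMD64 job uses the same expression and presumably defines the id outside these hunks. Keyless `cosign sign` also needs `permissions: id-token: write` and `packages: write` on this job unless the workflow grants them at top level, which is outside this view, and the step's `platforms: linux/arm64/v8` context means the signed digest is for a single-arch image despite the job name, which may be intended.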