Skip to content
dockerbuild

Automatic Update - 20240802T020052.889Z #107

Sign in to view logs

Automatic Update - 20240802T020052.889Z

Automatic Update - 20240802T020052.889Z #107

Workflow file for this run

.github/workflows/dockerbuild.yml at 1534dbe
name: dockerbuild
on:
push:
branches:
- 'master'
permissions:
id-token: write
packages: write
jobs:
docker:
runs-on: ubuntu-latest
steps:
-
name: Set up QEMU
uses: docker/setup-qemu-action@v1
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Install Cosign
uses: sigstore/cosign-installer@main
-
name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to container Registry
uses: docker/login-action@v2
with:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
- name: generate tag
run: |-
export PROJ_VERSION="5.18.4"
echo "Project Version: $PROJ_VERSION"
echo "TAG=$PROJ_VERSION-$(echo $GITHUB_SHA | cut -c 1-6)" >> $GITHUB_ENV
echo "SHORT_TAG=$PROJ_VERSION" >> $GITHUB_ENV
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
tags: |
docker.io/tremolosecurity/activemq-docker:latest
docker.io/tremolosecurity/activemq-docker:${{ env.TAG }}
docker.io/tremolosecurity/activemq-docker:${{ env.SHORT_TAG }}
ghcr.io/tremolosecurity/activemq-docker:latest
ghcr.io/tremolosecurity/activemq-docker:${{ env.TAG }}
ghcr.io/tremolosecurity/activemq-docker:${{ env.SHORT_TAG }}
- name: sign images
run: |-
cosign sign -y ghcr.io/tremolosecurity/activemq-docker:${{ env.TAG }}
- uses: anchore/sbom-action@v0
with:
image: ghcr.io/tremolosecurity/activemq-docker:${{ env.TAG }}
format: spdx
output-file: /tmp/spdxg
- name: attach sbom to images
run: |-
cosign attach sbom --sbom /tmp/spdxg ghcr.io/tremolosecurity/activemq-docker:${{ env.TAG }}
GH_SBOM_SHA=$(cosign verify --certificate-oidc-issuer-regexp='.*' --certificate-identity-regexp='.*' ghcr.io/tremolosecurity/activemq-docker:${{ env.TAG }} 2>/dev/null | jq -r '.[0].critical.image["docker-manifest-digest"]' | cut -c 8-)
echo "GH_SBOM_SHA: $GH_SBOM_SHA"
cosign sign -y ghcr.io/tremolosecurity/activemq-docker:sha256-$GH_SBOM_SHA.sbom