Skip to content

Commit

Permalink
Fix provenance task
Browse files Browse the repository at this point in the history
  • Loading branch information
andifalk committed Oct 8, 2023
1 parent c979864 commit 33ccc84
Showing 1 changed file with 26 additions and 5 deletions.
31 changes: 26 additions & 5 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ jobs:
permissions:
contents: read
packages: write
outputs:
image: ${{ steps.image.outputs.image }}
digest: ${{ steps.build.outputs.digest }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v3
Expand All @@ -18,15 +21,32 @@ jobs:
run: mvn --batch-mode deploy
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@dc7b9719a96d48369863986a06765841d7ea23f6
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build image
run: docker build . --file Dockerfile --platform linux/amd64 --tag "andifalk/supply-chain-security:${GITHUB_REF_NAME}"
- name: Push image
run: docker push "andifalk/supply-chain-security:${GITHUB_REF_NAME}"
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@69f6fc9d46f2f8bf0d5491e4aabe0bb8c6a4678a
with:
images: andifalk/supply-chain-security
- name: Build and push Docker image
uses: docker/build-push-action@e551b19e49efd4e98792db7592c17c09b89db8d8
id: build
with:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Output image
id: image
run: |
# NOTE: Set the image as an output because the `env` context is not
# available to the inputs of a reusable workflow call.
image_name="andifalk/supply-chain-security"
echo "image=$image_name" >> "$GITHUB_OUTPUT"
# This step calls the container workflow to generate provenance and push it to
# the container registry.
Expand All @@ -38,7 +58,8 @@ jobs:
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: "andifalk/supply-chain-security:${GITHUB_REF_NAME}"
image: "andifalk/supply-chain-security"
digest: ${{ needs.build.outputs.digest }}
registry-username: andifalk
secrets:
registry-password: ${{ secrets.DOCKERHUB_TOKEN }}

0 comments on commit 33ccc84

Please sign in to comment.