diff --git a/.github/workflows/cnspec.yaml b/.github/workflows/cnspec.yaml index cc5b705d6..ee78e1d8e 100644 --- a/.github/workflows/cnspec.yaml +++ b/.github/workflows/cnspec.yaml @@ -10,7 +10,7 @@ on: default: 'latest' env: - IMAGE: ghcr.io/mondoo-operator/cnspec + IMAGE: ghcr.io/mondoohq/mondoo-operator/cnspec jobs: build-cnspec: @@ -22,25 +22,39 @@ jobs: strategy: matrix: - os: [linux] - arch: [amd64, arm64, arm] - tag: - - ${{ github.event.inputs.version }} - - ${{ github.event.inputs.version }}-rootless - - ${{ github.event.inputs.version }}-ubi-rootless - - ${{ github.event.inputs.version }}-ubi + suffix: + - "" + - -rootless + - -ubi-rootless + - -ubi steps: - name: Checkout repository uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Log into registry ${{ env.REGISTRY }} + - name: Log into registry ghcr.io uses: docker/login-action@v2 with: - registry: ${{ env.REGISTRY }} + registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.IMAGE }} + tags: | + type=semver,pattern={{version}},value=${{ github.event.inputs.version }} + type=semver,pattern={{major}},value=${{ github.event.inputs.version }} + type=raw,value=latest + flavor: | + suffix=${{ matrix.suffix }},onlatest=true + - name: Build and push cnspec image id: build-and-push-operator uses: docker/build-push-action@v4 
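Review bot: The added `type=raw,value=latest` and `type=semver,pattern={{major}}` entries in the metadata step are emitted on every manual dispatch, so running the workflow for an older `version` re-points `latest` and the major tag at that older build; with `onlatest=true` the suffixed forms such as `latest-rootless` move too. Anyone pulling the floating tags would then be rolled back to an image that may lack later fixes. Consider gating the floating tags on an explicit opt-in, for example a new boolean dispatch input (the name here is a placeholder) used as `type=raw,value=latest,enable=${{ github.event.inputs.MOVE_FLOATING_TAGS }}`, with the same `enable=` on the `{{major}}` line. The build-cnspec job starts above this hunk and its build step continues in the next one.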
@@ -48,44 +62,7 @@ jobs: context: . file: cnspec.Dockerfile build-args: VERSION=${{ github.event.inputs.version }} - platforms: ${{ matrix.os }}/${{ matrix.arch }} + platforms: linux/amd64,linux/arm64,linux/arm push: true labels: ${{ steps.meta.outputs.labels }} - tags: ${{ env.IMAGE }}:${{ matrix.tag }}-${{ matrix.arch }} - - push-virtual-tag: - name: Push multi-platform virtual tag - runs-on: ubuntu-latest - needs: - - build-cnspec - - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE }} - - - name: Push multi-platform virtual tag and sign - run: bash scripts/push-virtual-tag.sh - env: - TAGS: ${{ steps.meta.outputs.tags }} - CPU_ARCHS: amd64 arm64 arm \ No newline at end of file + tags: ${{ steps.meta.outputs.tags }} \ No newline at end of file
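Review bot: `tags:` now takes its names from the metadata step, which appends `matrix.suffix`, but the unchanged `build-args: VERSION=${{ github.event.inputs.version }}` is identical for all four matrix legs. Unless cnspec.Dockerfile (not shown here) picks the variant some other way, the `-rootless` and `-ubi` tags would hold the same image as the unsuffixed one. If the Dockerfile selects its base from VERSION, pass the suffix through with `build-args: VERSION=${{ github.event.inputs.version }}${{ matrix.suffix }}`. The removed job's last step was named "Push multi-platform virtual tag and sign"; if that script signed the manifests, this commit leaves the pushed images unsigned, and a signing step keyed on the build step's `digest` output would restore that. The `with:` block of this step opens in the previous hunk.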