Merge pull request #1 from mlbiam/main
both arm and amd
mlbiam authored Dec 3, 2024
2 parents f4f6795 + 3200cd3 commit fd4b0f8
Showing 1 changed file with 16 additions and 8 deletions.
24 changes: 16 additions & 8 deletions .github/workflows/dockerbuild.yml
@@ -31,6 +31,10 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io

- name: downcase REPO
run: |
echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
- name: generate tag
run: |-
export PROJ_VERSION="3"
@@ -42,27 +46,31 @@ jobs:
- name: Build and push
id: docker_build
uses: docker/build-push-action@v2


with:
push: true
platforms: linux/amd64,linux/arm64
tags: |
ghcr.io/tremolosecurity/openunison-jib-builder3:latest
ghcr.io/tremolosecurity/openunison-jib-builder3:${{ env.TAG }}
ghcr.io/tremolosecurity/openunison-jib-builder3:${{ env.SHORT_TAG }}
ghcr.io/${{ env.REPO }}:latest
ghcr.io/${{ env.REPO }}:${{ env.TAG }}
ghcr.io/${{ env.REPO }}:${{ env.SHORT_TAG }}


- name: sign images
run: |-
cosign sign -y ghcr.io/tremolosecurity/openunison-jib-builder3:${{ env.TAG }}
cosign sign -y ghcr.io/${{ env.REPO }}:${{ env.TAG }}
- uses: anchore/sbom-action@v0
with:
image: ghcr.io/tremolosecurity/openunison-jib-builder3:${{ env.TAG }}
image: ghcr.io/${{ env.REPO }}:${{ env.TAG }}
format: spdx
output-file: /tmp/spdxg

- name: attach sbom to images
run: |-
cosign attach sbom --sbom /tmp/spdxg ghcr.io/tremolosecurity/openunison-jib-builder3:${{ env.TAG }}
GH_SBOM_SHA=$(cosign verify --certificate-oidc-issuer-regexp='.*' --certificate-identity-regexp='.*' ghcr.io/tremolosecurity/openunison-jib-builder3:${{ env.TAG }} 2>/dev/null | jq -r '.[0].critical.image["docker-manifest-digest"]' | cut -c 8-)
cosign attach sbom --sbom /tmp/spdxg ghcr.io/${{ env.REPO }}:${{ env.TAG }}
GH_SBOM_SHA=$(cosign verify --certificate-oidc-issuer-regexp='.*' --certificate-identity-regexp='.*' ghcr.io/${{ env.REPO }}:${{ env.TAG }} 2>/dev/null | jq -r '.[0].critical.image["docker-manifest-digest"]' | cut -c 8-)
echo "GH_SBOM_SHA: $GH_SBOM_SHA"
cosign sign -y ghcr.io/tremolosecurity/openunison-jib-builder3:sha256-$GH_SBOM_SHA.sbom
cosign sign -y ghcr.io/${{ env.REPO }}:sha256-$GH_SBOM_SHA.sbom
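Review bot: In the `attach sbom to images` step, the new `GH_SBOM_SHA=$(cosign verify ...)` line still accepts any signer (`--certificate-oidc-issuer-regexp='.*'`, `--certificate-identity-regexp='.*'`) and discards stderr, so it works as a digest lookup rather than a verification; if the verify call fails and the shell does not set pipefail (not visible here), `GH_SBOM_SHA` can end up empty and the last line would sign `sha256-.sbom`. The build step already has `id: docker_build`, so the digest can come from its `digest` output instead: `DIGEST='${{ steps.docker_build.outputs.digest }}'` followed by `cosign sign -y ghcr.io/${{ env.REPO }}:${DIGEST/:/-}.sbom`, with a guard that fails the step when `DIGEST` is empty. The same output lets the `sign images` step sign `ghcr.io/${{ env.REPO }}@${DIGEST}` rather than the mutable `${{ env.TAG }}` tag, which can be re-pointed between push and sign. Since `platforms` lists two architectures, the tag presumably resolves to an image index, so it is worth confirming whether the per-platform manifests also need signatures (`cosign sign --recursive`) and which platform the SBOM step actually scans.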
