Use new docker buildx with multiple outputs to save image

Signed-off-by: John Kjell <[email protected]>
testifysec · Sep 30, 2024 · b88da32 · b88da32
1 parent 425fe29
commit b88da32
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 72 deletions.
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -111,7 +111,7 @@ jobs:
     - name: Setup Buildx
       uses: docker/setup-buildx-action@v3
       with:
-        platforms: linux/amd64,linux/arm64
+        platforms: linux/amd64
         install: true
         use: true
 
@@ -120,28 +120,22 @@ jobs:
       with:
         version: 0.6.0
         step: build-image
-        attestations: "git github environment slsa"
+        attestations: "git github environment oci slsa"
         archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"        
         command: |
-          /bin/sh -c "docker buildx build --platform linux/amd64,linux/arm64 -t ${{ steps.meta.outputs.tags }} --push ."
+          /bin/sh -c "docker buildx build -t ${{ steps.meta.outputs.tags }} -o type=docker,dest=image.tar --push ."
+          
+    - name: Upload Artifact
+      uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+      with:
+        name: image.tar
+        path: image.tar
+
     outputs:
       tags: ${{ steps.meta.outputs.tags }}
-
-  save-image:
-    needs: build-image
-    uses: testifysec/witness-run-action/.github/workflows/witness.yml@reusable-workflow
-    with:
-      pull_request: ${{ github.event_name == 'pull_request' }}
-      step: save-image
-      attestations: "git github environment slsa oci"
-      archivista-server: "https://judge-api.aws-sandbox-staging.testifysec.dev"      
-      command: |
-        docker pull ${{ needs.build-image.outputs.tags }} && docker save ${{ needs.build-image.outputs.tags }} -o image.tar
-      artifact-upload-name: image.tar
-      artifact-upload-path: image.tar
-
+
   generate-sbom:
-    needs: save-image
+    needs: build-image
     uses: testifysec/witness-run-action/.github/workflows/witness.yml@reusable-workflow
     with:
       pull_request: ${{ github.event_name == 'pull_request' }}
@@ -158,7 +152,7 @@ jobs:
       artifact-upload-path: sbom.cdx.json
 
   secret-scan:
-    needs: save-image
+    needs: build-image
     uses: testifysec/witness-run-action/.github/workflows/witness.yml@reusable-workflow
     with:
       pull_request: ${{ github.event_name == 'pull_request' }}