Finish Attested Docker Images Ambitions (#1029)

This commit is contained in:
Catalan Lover
2026-03-13 20:38:05 +01:00
committed by GitHub
parent 4344be93e8
commit fc09fb2904
5 changed files with 62 additions and 15 deletions


@@ -24,9 +24,9 @@ jobs:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: read
attestations: write
artifact-metadata: write
steps:
- name: Check out
uses: actions/checkout@v4
@@ -50,7 +50,7 @@ jobs:
- name: Build image
id: push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
@@ -65,3 +65,12 @@ jobs:
sbom: true
tags: |
${{ env.DOCKER_NAMESPACE }}/draupnir:develop
- name: Attest pushed image
id: attest
if: ${{ env.PUSH == 'true' }}
uses: actions/attest@v4
with:
subject-name: docker.io/${{ env.DOCKER_NAMESPACE }}/draupnir
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
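Review bot: The new `uses: actions/attest@v4` step, and the bump to `uses: docker/build-push-action@v6`, reference their actions by floating major tags, so the code that builds the image and signs its provenance can change underneath this workflow without any commit in this repository; for a step whose whole purpose is attestable supply-chain evidence, pinning to a full commit SHA with the version kept in a trailing comment, `uses: actions/attest@<commit-sha>  # v4`, is the usual form. The `if: ${{ env.PUSH == 'true' }}` guard presumably mirrors the build step's `push:` input, which lies outside the hunk; if the two ever diverge the attest step would run with an empty `steps.push.outputs.digest`. The same pinning point applies to the other four workflow files in this commit.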


@@ -22,9 +22,9 @@ jobs:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: read
attestations: write
artifact-metadata: write
steps:
- name: Check out
uses: actions/checkout@v4
@@ -49,7 +49,7 @@ jobs:
- name: Build image
id: push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
@@ -63,3 +63,11 @@ jobs:
sbom: true
tags: |
${{ env.DOCKER_NAMESPACE }}/draupnir:latest
- name: Attest pushed image
id: attest
uses: actions/attest@v4
with:
subject-name: docker.io/${{ env.DOCKER_NAMESPACE }}/draupnir
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
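Review bot: The `artifact-metadata: write` line added to the `permissions:` block carries no indication of which step needs it, and the block as a whole now grants four write scopes without explanation, which makes future least-privilege trimming guesswork. A comment above the new line, `# presumably required together with id-token and attestations by the actions/attest step below`, would record the intent; the attest step itself is the only consumer visible in this file. The job's other permission consumers, including the registry login, sit outside the hunks.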


@@ -22,14 +22,15 @@ jobs:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: read
attestations: write
artifact-metadata: write
steps:
- name: Check out
uses: actions/checkout@v4
- name: Get release tag
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
id: release_version
run: echo "release_version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: Unshallow for git describe so we can create version.txt
run: git fetch --prune --unshallow --tags --all --force
@@ -50,7 +51,7 @@ jobs:
- name: Build image
id: push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
@@ -63,4 +64,12 @@ jobs:
org.opencontainers.image.licenses=AFL-3.0
sbom: true
tags: |
${{ env.DOCKER_NAMESPACE }}/draupnir:${{ env.RELEASE_VERSION }}
${{ env.DOCKER_NAMESPACE }}/draupnir:${{ steps.release_version.outputs.release_version }}
- name: Attest pushed image
id: attest
uses: actions/attest@v4
with:
subject-name: docker.io/${{ env.DOCKER_NAMESPACE }}/draupnir
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
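Review bot: The rewritten `Get release tag` step still derives the tag by shell string-stripping, `run: echo "release_version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT`, when the same value is available directly as the `${{ github.ref_name }}` context and can be used in `tags:` without a step at all; if the step is kept, the output path should at least be quoted, `>> "$GITHUB_OUTPUT"`. The workflow trigger that determines what `GITHUB_REF` holds is outside the hunk, so the equivalence is presumed for tag-triggered runs. The same applies to the identical step in the GHCR release workflow later in this commit.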


@@ -20,6 +20,7 @@ jobs:
packages: write
contents: read
attestations: write
artifact-metadata: write
steps:
- name: Check out
uses: actions/checkout@v4
@@ -28,7 +29,8 @@ jobs:
- name: Unshallow for git describe so we can create version.txt
run: git fetch --prune --unshallow --tags --all --force
- name: Set lowercase image owner
run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
id: image_owner
run: echo "image_owner=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
# Needed for multi platform builds
- name: Set up QEMU
@@ -48,7 +50,7 @@ jobs:
- name: Build and push image to GHCR
id: push_ghcr
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
@@ -61,4 +63,12 @@ jobs:
org.opencontainers.image.licenses=AFL-3.0
sbom: true
tags: |
ghcr.io/${{ env.IMAGE_OWNER }}/draupnir:latest
ghcr.io/${{ steps.image_owner.outputs.image_owner }}/draupnir:latest
- name: Attest pushed image
id: attest
uses: actions/attest@v4
with:
subject-name: ghcr.io/${{ steps.image_owner.outputs.image_owner }}/draupnir
subject-digest: ${{ steps.push_ghcr.outputs.digest }}
push-to-registry: true
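Review bot: The `Set lowercase image owner` step interpolates `${{ github.repository_owner }}` straight into the shell line; owner names are restricted to alphanumerics and hyphens so this particular value is harmless, but the pattern tends to get copied for less constrained contexts, and the conventional form passes context values through `env:` and reads them as shell variables: `env:` / `  OWNER: ${{ github.repository_owner }}` / `run: echo "image_owner=$(echo "$OWNER" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"`. The new `subject-name` correctly reuses the lowercased step output, so the attestation subject matches the pushed tag path. The same step appears in the GHCR release workflow in this commit.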


@@ -20,15 +20,18 @@ jobs:
packages: write
contents: read
attestations: write
artifact-metadata: write
steps:
- name: Check out
uses: actions/checkout@v4
- name: Get release tag
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
id: release_version
run: echo "release_version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
- name: Unshallow for git describe so we can create version.txt
run: git fetch --prune --unshallow --tags --all --force
- name: Set lowercase image owner
run: echo "IMAGE_OWNER=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
id: image_owner
run: echo "image_owner=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
# Needed for multi platform builds
- name: Set up QEMU
@@ -48,7 +51,7 @@ jobs:
- name: Build and push image to GHCR
id: push_ghcr
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
@@ -61,4 +64,12 @@ jobs:
org.opencontainers.image.licenses=AFL-3.0
sbom: true
tags: |
ghcr.io/${{ env.IMAGE_OWNER }}/draupnir:${{ env.RELEASE_VERSION }}
ghcr.io/${{ steps.image_owner.outputs.image_owner }}/draupnir:${{ steps.release_version.outputs.release_version }}
- name: Attest pushed image
id: attest
uses: actions/attest@v4
with:
subject-name: ghcr.io/${{ steps.image_owner.outputs.image_owner }}/draupnir
subject-digest: ${{ steps.push_ghcr.outputs.digest }}
push-to-registry: true
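Review bot: The new `Attest pushed image` step names the subject as `ghcr.io/${{ steps.image_owner.outputs.image_owner }}/draupnir` with no tag, while the `tags:` line just above carries the release version, and a reader can easily assume the attestation is bound to that tag. A comment above the step, `# Attestation is bound to the pushed image digest from push_ghcr, not to the :<release_version> tag`, would make the digest-based binding explicit; `push-to-registry: true` also presumably relies on the GHCR login earlier in the job, which is outside the hunk.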