chore: 💚 Update dependencies to latest versions (#1457) #24

Summary
Jobs
- build-image
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/docker-cd.yml at 73097ff

	name: CD - Publish Docker image on ghcr.io

	# cos
	# separate terms of service, privacy policy, and support
	# documentation.

	on:
	# schedule:
	# - cron: "40 0 * * *"
	push:
	# branches: ["main"]
	# Publish semver tags as releases.
	tags: ["v..*"]
	# pull_request:
	# branches: ["main"]

	env:
	# Use docker.io for Docker Hub if empty
	REGISTRY: ghcr.io
	# github.repository as <account>/<repo>
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	build-image:
	runs-on: ubuntu-latest

	permissions:
	contents: read
	packages: write
	id-token: write # needed for signing the images with GitHub OIDC Token

	name: build-image
	steps:
	- uses: actions/checkout@v4.1.7
	with:
	fetch-depth: 1

	- name: Install Cosign
	uses: sigstore/cosign-installer@v3.5.0
	# with:
	# cosign-release: 'v2.2.4' # optional

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3.2.0

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3.5.0

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3.3.0
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- id: docker_meta
	uses: docker/metadata-action@v5.5.1
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
	# tags: \|
	# type=pep440,pattern={{version}},prefix=v

	- name: Build and Push container images
	uses: docker/build-push-action@v6.5.0
	id: build-and-push
	with:
	platforms: linux/amd64,linux/arm64
	push: true
	tags: ${{ steps.docker_meta.outputs.tags }}
	labels: ${{ steps.docker_meta.outputs.labels }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.description'] }}

	# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
	- name: Sign image with a key
	run: \|
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
	env:
	TAGS: ${{ steps.docker_meta.outputs.tags }}
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	DIGEST: ${{ steps.build-and-push.outputs.digest }}

	- name: Sign the images with GitHub OIDC Token
	env:
	DIGEST: ${{ steps.build-and-push.outputs.digest }}
	TAGS: ${{ steps.docker_meta.outputs.tags }}
	run: \|
	images=""
	for tag in ${TAGS}; do
	images+="${tag}@${DIGEST} "
	done
	cosign sign --yes ${images}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: 💚 Update dependencies to latest versions (#1457) #24

Workflow file

chore: 💚 Update dependencies to latest versions (#1457) #24

Jobs

Run details

Workflow file for this run