diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml index bd39c5f..684120e 100644 --- a/.github/workflows/image.yml +++ b/.github/workflows/image.yml @@ -15,16 +15,43 @@ jobs: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} steps: + - name: Build artifact + run: date > artifact.bin + + - name: Build Dockerfile + run: | + cat < Dockerfile + FROM scratch + COPY artifact.bin . + EOF + + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + - name: Login to GHCR uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + id: build-and-push + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + platforms: 'linux/amd64,linux/arm64' + push: true + sbom: true + provenance: true + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + - name: Attest artifact uses: actions/attest-build-provenance@v1 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - subject-digest: sha256:458e52976b041df295e2de3b370168c387e91e78a3ecf813c6db66c37590440c - push-to-registry: true + subject-digest: ${{ steps.build-and-push.outputs.digest }}