Merge pull request #10 from crazy-max/fix-test-workflow

ci: fix test workflow

Author: crazy-max

.github/workflows/.test.yml

@@ -18,7 +18,7 @@ on:
 
 jobs:
   build-aws-single:
-    uses: .github/workflows/build.yml
+    uses: ./.github/workflows/build.yml
     permissions:
       contents: read
       packages: write
@@ -27,7 +27,7 @@ jobs:
       meta-images: |
         public.ecr.aws/q3b5f1u4/test-docker-action
       meta-tags: |
-        type=raw,value=ghbuilder-${{ github.run_id }}
+        type=raw,value=ghbuilder-single-${{ github.run_id }}
       build-file: test/hello.Dockerfile
       build-output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
       build-sbom: true
@@ -38,7 +38,7 @@ jobs:
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
   build-aws:
-    uses: .github/workflows/build.yml
+    uses: ./.github/workflows/build.yml
     permissions:
       contents: read
       packages: write
@@ -59,7 +59,7 @@ jobs:
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
   build-ghcr:
-    uses: .github/workflows/build.yml
+    uses: ./.github/workflows/build.yml
     permissions:
       contents: read
       packages: write
@@ -79,7 +79,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
   build-dockerhub-stage:
-    uses: .github/workflows/build.yml
+    uses: ./.github/workflows/build.yml
     permissions:
       contents: read
       packages: write
@@ -98,8 +98,27 @@ jobs:
           username: ${{ vars.DOCKERHUB_STAGE_USERNAME }}
           password: ${{ secrets.DOCKERHUB_STAGE_TOKEN }}
 
+  build-dockerhub-stage-oidc:
+    uses: ./.github/workflows/build.yml
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    with:
+      meta-images: registry-1-stage.docker.io/docker/github-builder-test
+      meta-tags: |
+        type=raw,value=${{ github.run_id }},prefix=oidc-
+      build-file: test/hello.Dockerfile
+      build-output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
+      build-sbom: true
+      build-platforms: linux/amd64,linux/arm64
+    secrets:
+      registry-auths: |
+        - registry: registry-1-stage.docker.io
+          username: docker:cdeb5882-30b7-4076-be92-bfdceb258e9c
+
   build-ghcr-and-aws:
-    uses: .github/workflows/build.yml
+    uses: ./.github/workflows/build.yml
     permissions:
       contents: read
       packages: write
@@ -109,7 +128,7 @@ jobs:
         ghcr.io/docker/github-builder-test
         public.ecr.aws/q3b5f1u4/test-docker-action
       meta-tags: |
-        type=raw,value=${{ github.run_id }}
+        type=raw,value=${{ github.run_id }},prefix=ghcr-and-aws-
       build-file: test/hello.Dockerfile
       build-output: ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
       build-sbom: true
@@ -124,7 +143,7 @@ jobs:
           password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
   build-local:
-    uses: .github/workflows/build.yml
+    uses: ./.github/workflows/build.yml
     permissions:
       contents: read
       packages: write

.github/workflows/build.yml

@@ -206,6 +206,7 @@ jobs:
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
+          # TODO: switch to latest once Buildx v0.30.0 is released
           version: https://github.com/docker/buildx.git#62857022a08552bee5cad0c3044a9a3b185f0b32
           buildkitd-flags: --debug
       -