Skip to content

build(deps): Bump docker/build-push-action from 5.4.0 to 6.0.0 (#4) #24

build(deps): Bump docker/build-push-action from 5.4.0 to 6.0.0 (#4)

build(deps): Bump docker/build-push-action from 5.4.0 to 6.0.0 (#4) #24

name: Build and Publish Fedora Image
on:
push:
branches: [ "main" ]
paths:
- configs/Fedora/KDE/Dockerfile
- configs/Fedora/XFCE/Dockerfile
- .github/workflows/build-fedora-image.yml
workflow_dispatch:
env:
REGISTRY1: ghcr.io
REGISTRY2: docker.io
REGISTRY3: quay.io
IMAGE_NAME1: kasm-dev-fedora
IMAGE_NAME2: kasm-dev-fedora-kde
jobs:
fedora-image-docker:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
attestations: write
steps:
- uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY2 }}
username: ${{ github.actor }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Build and push image
id: push-docker
uses: docker/build-push-action@v6.0.0
with:
context: configs/Fedora/XFCE
push: true
tags: ${{ env.REGISTRY2 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}:latest
- uses: sigstore/cosign-installer@v3.5.0
- name: Sign container image
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY2 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}:latest
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- name: Attest pushed image
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: index.docker.io/${{ github.actor }}/${{ env.IMAGE_NAME1 }}
subject-digest: ${{ steps.push-docker.outputs.digest }}
push-to-registry: true
fedora-image-ghcr:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
packages: write
attestations: write
steps:
- uses: actions/checkout@v4
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY1 }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push image
id: push-ghcr
uses: docker/build-push-action@v6.0.0
with:
context: configs/Fedora/XFCE
push: true
tags: ${{ env.REGISTRY1 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}:latest
- uses: sigstore/cosign-installer@v3.5.0
- name: Sign container image
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY1 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}:latest
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- name: Attest pushed image
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.REGISTRY1 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}
subject-digest: ${{ steps.push-ghcr.outputs.digest }}
push-to-registry: true
fedora-image-quay:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
attestations: write
steps:
- uses: actions/checkout@v4
- name: Login to QUAY
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY3 }}
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Build and push image
id: push-quay
uses: docker/build-push-action@v6.0.0
with:
context: configs/Fedora/XFCE
push: true
tags: ${{ env.REGISTRY3 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}:latest
- uses: sigstore/cosign-installer@v3.5.0
- name: Sign container image
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY3 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}:latest
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- name: Attest pushed image
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.REGISTRY3 }}/${{ github.actor }}/${{ env.IMAGE_NAME1 }}
subject-digest: ${{ steps.push-quay.outputs.digest }}
push-to-registry: true
fedora-kde-image-docker:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
attestations: write
steps:
- uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY2 }}
username: ${{ github.actor }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: Build and push image
id: push-docker
uses: docker/build-push-action@v6.0.0
with:
context: configs/Fedora/KDE
push: true
tags: ${{ env.REGISTRY2 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}:latest
- uses: sigstore/cosign-installer@v3.5.0
- name: Sign container image
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY2 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}:latest
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- name: Attest pushed image
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: index.docker.io/${{ github.actor }}/${{ env.IMAGE_NAME2 }}
subject-digest: ${{ steps.push-docker.outputs.digest }}
push-to-registry: true
fedora-kde-image-ghcr:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
packages: write
attestations: write
steps:
- uses: actions/checkout@v4
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY1 }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push image
id: push-ghcr
uses: docker/build-push-action@v6.0.0
with:
context: configs/Fedora/KDE
push: true
tags: ${{ env.REGISTRY1 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}:latest
- uses: sigstore/cosign-installer@v3.5.0
- name: Sign container image
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY1 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}:latest
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- name: Attest pushed image
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.REGISTRY1 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}
subject-digest: ${{ steps.push-ghcr.outputs.digest }}
push-to-registry: true
fedora-kde-image-quay:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
attestations: write
steps:
- uses: actions/checkout@v4
- name: Login to QUAY
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY3 }}
username: ${{ secrets.QUAY_USER }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Build and push image
id: push-quay
uses: docker/build-push-action@v6.0.0
with:
context: configs/Fedora/KDE
push: true
tags: ${{ env.REGISTRY3 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}:latest
- uses: sigstore/cosign-installer@v3.5.0
- name: Sign container image
run: |
cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY3 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}:latest
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- name: Attest pushed image
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.REGISTRY3 }}/${{ github.actor }}/${{ env.IMAGE_NAME2 }}
subject-digest: ${{ steps.push-quay.outputs.digest }}
push-to-registry: true