@@ -230,88 +230,51 @@ jobs:
230230 env :
231231 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
232232
233- image :
233+ image-prepare :
234234 runs-on : ubuntu-latest
235+ outputs :
236+ repo-slugs : |
237+ ${{ env.DOCKERHUB_SLUG }}
238+ ${{ env.GHCR_SLUG }}
239+ steps :
240+ # FIXME: can't use env object in reusable workflow inputs: https://github.com/orgs/community/discussions/26671
241+ - run : echo "Exposing env vars for reusable workflow"
242+
243+ image :
244+ uses : docker/github-builder-experimental/.github/workflows/bake.yml@bake
235245 permissions :
236- # same as global permissions
237- contents : read
238- # required to push to GHCR
239- packages : write
246+ contents : read # same as global permission
247+ id-token : write # for signing attestation manifests with GitHub OIDC Token
248+ packages : write # needed to push images to GitHub Container Registry
240249 needs :
250+ - image-prepare
241251 - artifact
242252 - test
243- steps :
244- -
245- name : Checkout
246- uses : actions/checkout@v5
247- with :
248- fetch-depth : 0
249- -
250- name : Docker meta
251- id : meta
252- uses : docker/metadata-action@v5
253- with :
254- images : |
255- ${{ env.DOCKERHUB_SLUG }}
256- ${{ env.GHCR_SLUG }}
257- tags : |
258- type=semver,pattern={{version}}
259- type=semver,pattern={{major}}.{{minor}}
260- type=semver,pattern={{major}}
261- type=ref,event=pr
262- type=edge
263- labels : |
264- org.opencontainers.image.title=Diun
265- org.opencontainers.image.description=Docker image update notifier
266- org.opencontainers.image.vendor=CrazyMax
267- -
268- name : Set up QEMU
269- uses : docker/setup-qemu-action@v3
270- -
271- name : Set up Docker Buildx
272- uses : docker/setup-buildx-action@v3
273- -
274- name : Login to DockerHub
275- if : github.event_name != 'pull_request'
276- uses : docker/login-action@v3
277- with :
253+ with :
254+ target : image-all
255+ output : ${{ github.event_name != 'pull_request' && 'registry' || 'cacheonly' }}
256+ set-meta-labels : true
257+ meta-images : |
258+ ${{ needs.image-prepare.outputs.repo-slugs }}
259+ meta-tags : |
260+ type=semver,pattern={{version}}
261+ type=semver,pattern={{major}}.{{minor}}
262+ type=semver,pattern={{major}}
263+ type=ref,event=pr
264+ type=edge
265+ meta-labels : |
266+ org.opencontainers.image.title=Diun
267+ org.opencontainers.image.description=Docker image update notifier
268+ org.opencontainers.image.vendor=CrazyMax
269+ bake-sbom : true
270+ secrets :
271+ registry-auths : |
272+ - registry: docker.io
278273 username: ${{ secrets.DOCKER_USERNAME }}
279274 password: ${{ secrets.DOCKER_PASSWORD }}
280- -
281- name : Login to GHCR
282- if : github.event_name != 'pull_request'
283- uses : docker/login-action@v3
284- with :
285- registry : ghcr.io
275+ - registry: ghcr.io
286276 username: ${{ github.repository_owner }}
287277 password: ${{ secrets.GITHUB_TOKEN }}
288- -
289- name : Build
290- uses : docker/bake-action@v6
291- with :
292- source : .
293- files : |
294- ./docker-bake.hcl
295- ${{ steps.meta.outputs.bake-file }}
296- targets : image-all
297- provenance : mode=max
298- sbom : true
299- pull : true
300- push : ${{ github.event_name != 'pull_request' }}
301- -
302- name : Check manifest
303- if : github.event_name != 'pull_request'
304- run : |
305- docker buildx imagetools inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
306- docker buildx imagetools inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}
307- -
308- name : Inspect image
309- if : github.event_name != 'pull_request'
310- run : |
311- docker pull ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
312- docker image inspect ${{ env.DOCKERHUB_SLUG }}:${{ steps.meta.outputs.version }}
313- docker pull ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}
314- docker image inspect ${{ env.GHCR_SLUG }}:${{ steps.meta.outputs.version }}
315278
316279 scout :
317280 runs-on : ubuntu-latest
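Review bot: The new `image` job's `uses: docker/github-builder-experimental/.github/workflows/bake.yml@bake` pins the reusable workflow to a branch name, which is a mutable ref. The same job grants `id-token: write` and `packages: write` and passes the Docker Hub credentials and `GITHUB_TOKEN` through `registry-auths`. Whatever commit `bake` points to at run time therefore receives the registry credentials and the OIDC identity used for signing. Pinning to a full commit SHA would fix the code that runs, e.g. `uses: docker/github-builder-experimental/.github/workflows/bake.yml@<full-commit-sha> # bake`. Separately, the removed steps gated registry login on `github.event_name != 'pull_request'`, whereas `secrets.registry-auths` is now passed on every event; whether the called workflow skips login when `output` is `cacheonly` is not visible in this hunk and is worth confirming.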