From 1eddd0d8e62d44aa443c9198e1a9207212f3c3aa Mon Sep 17 00:00:00 2001
From: Justin Pflueger
Date: Thu, 7 Mar 2024 04:06:49 -0700
Subject: [PATCH 1/2] try to fix the devcontainer cosign
Signed-off-by: Justin Pflueger
---
.github/workflows/docker.yaml | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 5dc1229..6b2a09a 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -23,12 +23,11 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign - if: github.event_name != 'pull_request' uses: sigstore/cosign-installer@v3.3.0 - name: Set up QEMU
@@ -66,11 +65,16 @@ jobs: skipContainerUserIdUpdate: true platform: linux/amd64,linux/arm64 runCmd: spin --version + push: always # Sign the resulting Docker image digest except on PRs. - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} env: + IMAGE: ghcr.io/${{ github.repository }} TAGS: ${{ steps.meta.outputs.tags }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} \ No newline at end of file + run: | + for tag in "${TAGS[@]}"; do + IMAGE_TAG="ghcr.io/${IMAGE}:${tag}" + DIGEST=$(docker image ls "$IMAGE_TAG" --digests --format='{{.Digest}}') + cosign sign --yes "${IMAGE_TAG}@${DIGEST}" + done \ No newline at end of file
From 6a6798cae54124b31e9afb2a20ffa164e6bbb321 Mon Sep 17 00:00:00 2001
From: Justin Pflueger
Date: Tue, 12 Mar 2024 09:12:39 -0600
Subject: [PATCH 2/2] remove cosign
Signed-off-by: Justin Pflueger
---
.github/workflows/docker.yaml | 25 ++-----------------------
1 file changed, 2 insertions(+), 23 deletions(-)
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 6b2a09a..bac72d5 100644
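Review bot: Dropping `if: github.event_name != 'pull_request'` from the Install cosign step in the first hunk of patch 1/2, and from the Sign step in its second hunk where `push: always` is also added, means a pull-request run would publish and sign an image under this job's `id-token: write` identity, so a valid signature no longer implies the image was built from merged code. The workflow's `on:` triggers are outside the hunk, so whether pull-request events reach this job is inferred from the removed guards. If PR builds are not meant to be published, keep the guard on both steps; if they are, the comments `# Install the cosign tool except on PR` and `# Sign the resulting Docker image digest except on PRs.` are stale and should be reworded. Separately, `actions/checkout@v4` and `sigstore/cosign-installer@v3.3.0` are referenced by mutable tag; pinning to a full commit SHA is the usual hardening for a job that holds an OIDC token.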
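Review bot: The new signing loop in the second hunk of patch 1/2 does not iterate per tag: `TAGS` arrives as a plain environment string, so `"${TAGS[@]}"` expands to one word holding every tag, and `IMAGE_TAG="ghcr.io/${IMAGE}:${tag}"` prefixes `ghcr.io/` a second time because `IMAGE` already starts with it. Reading the list line by line, e.g. `while IFS= read -r ref; do … done <<< "${TAGS}"`, and using each entry as given avoids both; docker/metadata-action normally emits full `name:tag` references, which should be confirmed against the `images:` input outside the hunk. The digest is also looked up with `docker image ls` after the push: for a multi-platform build the local store may hold no such image, leaving `DIGEST` empty, and a digest resolved from a tag after publishing covers whatever the tag points to at that moment rather than what this job built. Fail the step on an empty value with `[ -n "$DIGEST" ] || exit 1`, and prefer a digest reported by the build step itself if the action exposes one.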
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -25,11 +25,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - uses: sigstore/cosign-installer@v3.3.0 - - name: Set up QEMU uses: docker/setup-qemu-action@v3
@@ -43,8 +38,6 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5.5.1
@@ -54,9 +47,8 @@ jobs: type=ref,event=pr type=sha,enable={{is_default_branch}},prefix={{date 'YYYYMMDD-HHmmss'}}-,suffix=,format=short - # Uses the cached prebuilt image and adds - # devcontainer features and metadata before pushing - - name: Add devcontainer extras and push + # this action will take features and extensions into account + - name: Build and Push devcontainer uses: devcontainers/ci@v0.3 with: cacheFrom: ghcr.io/${{ github.repository }}
@@ -65,16 +57,3 @@ jobs: skipContainerUserIdUpdate: true platform: linux/amd64,linux/arm64 runCmd: spin --version - push: always - - # Sign the resulting Docker image digest except on PRs. - - name: Sign the published Docker image - env: - IMAGE: ghcr.io/${{ github.repository }} - TAGS: ${{ steps.meta.outputs.tags }} - run: | - for tag in "${TAGS[@]}"; do - IMAGE_TAG="ghcr.io/${IMAGE}:${tag}" - DIGEST=$(docker image ls "$IMAGE_TAG" --digests --format='{{.Digest}}') - cosign sign --yes "${IMAGE_TAG}@${DIGEST}" - done \ No newline at end of file