mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 00:49:03 +00:00
Use tag rather than commit sha when attesting images (#26032)
This commit is contained in:
Scott Gress
GitHub
parent
44eda681d4
commit
5c0b2dc6b0
1 changed files with 10 additions and 13 deletions
23
.github/workflows/goreleaser-fleet.yaml
vendored
23
.github/workflows/goreleaser-fleet.yaml
vendored
|
|
@ -95,10 +95,10 @@ jobs:
|
|||
with:
|
||||
subject-path: "dist/**"
|
||||
|
||||
# Get the commit hash so we can get image digests
|
||||
- name: Get the short commit hash
|
||||
id: commit
|
||||
run: echo "short_commit=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
|
||||
- name: Get tag
|
||||
run: |
|
||||
echo "TAG=$(git describe --tags | sed -e "s/^fleet-//")" >> $GITHUB_OUTPUT
|
||||
id: docker
|
||||
|
||||
# Get the image digests from the goreleaser artifacts
|
||||
# Adapted from https://github.com/goreleaser/goreleaser/issues/4852#issuecomment-2122790132
|
||||
|
|
@ -106,15 +106,17 @@ jobs:
|
|||
continue-on-error: true
|
||||
id: image_digests
|
||||
run: |
|
||||
echo "digest_fleet=$(cat ./dist/artifacts.json | jq -r '.[]|select(.type == "Published Docker Image" and (.name | contains("fleetdm/fleet:${{ steps.commit.outputs.short_commit }}"))) | select(. != null)|.extra.Digest')" >> "$GITHUB_OUTPUT"
|
||||
echo "digest_fleetctl=$(cat ./dist/artifacts.json | jq -r '.[]|select(.type == "Published Docker Image" and (.name | contains("fleetdm/fleetctl:${{ steps.commit.outputs.short_commit }}"))) | select(. != null)|.extra.Digest')" >> "$GITHUB_OUTPUT"
|
||||
digest_fleet=$(cat ./dist/artifacts.json | jq -r 'first(.[]|select(.type == "Published Docker Image" and (.name == "fleetdm/fleet:${{ steps.docker.outputs.tag }}")) | select(. != null)|.extra.Digest)')
|
||||
echo "digest_fleet=$digest_fleet" >> "$GITHUB_OUTPUT"
|
||||
digest_fleetctl=$(cat ./dist/artifacts.json | jq -r 'first(.[]|select(.type == "Published Docker Image" and (.name == "fleetdm/fleetctl:${{ steps.docker.outputs.tag }}")) | select(. != null)|.extra.Digest)')
|
||||
echo "digest_fleetctl=$digest_fleetctl" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Attest Fleet image
|
||||
uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0
|
||||
continue-on-error: true
|
||||
with:
|
||||
subject-digest: ${{steps.image_digests.outputs.digest_fleet}}
|
||||
subject-name: "fleetdm/fleet"
|
||||
subject-name: "docker.io/fleetdm/fleet"
|
||||
push-to-registry: true
|
||||
|
||||
- name: Attest FleetCtl image
|
||||
|
|
@ -122,14 +124,9 @@ jobs:
|
|||
continue-on-error: true
|
||||
with:
|
||||
subject-digest: ${{steps.image_digests.outputs.digest_fleetctl}}
|
||||
subject-name: "fleetdm/fleetctl"
|
||||
subject-name: "docker.io/fleetdm/fleetctl"
|
||||
push-to-registry: true
|
||||
|
||||
- name: Get tag
|
||||
run: |
|
||||
echo "TAG=$(git describe --tags | sed -e "s/^fleet-//")" >> $GITHUB_OUTPUT
|
||||
id: docker
|
||||
|
||||
- name: List tags for push
|
||||
run: |
|
||||
echo "The following TAGs are to be pushed: ${{ steps.docker.outputs.TAG }}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue