Commit Graph

37 Commits

Author SHA1 Message Date
Justin Hutchings 61d42c9d0c Update cosign versions 2024-05-30 09:34:08 -07:00
Josh Soref cd4b67d0b4 Checkout: Update all workflows to use Checkout V4 2024-04-05 15:29:37 -04:00
CrazyMax 90c598c5ab update docker actions to latest stable 2023-09-12 15:21:04 +02:00
James M. Greene a07603e5ef Update to latest cosign versions 2023-07-13 09:51:15 -05:00
Batuhan Apaydın b54241071a use intermediate environment variables to avoid risks of script injection
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2023-05-17 13:21:56 +03:00
Ouvill d31bcb967a fix update cosign version on docker-publish.yml (#1917)
upgrade cosign version

https://github.com/sigstore/cosign/releases/tag/v1.13.1

The current version is out of date and the following error occurs

```
getting signer: getting key from Fulcio: verifying SCT: updating local metadata and targets: error updating to TUF remote mirror: tuf: invalid key
```

Co-authored-by: Sampark Sharma <phantsure@github.com>
2023-02-10 13:35:33 +05:30
Sampark Sharma 6562f83775 Merge branch 'main' into main 2022-09-21 12:15:59 +05:30
Batuhan Apaydın a50f9361bc chore: upgrade cosign-installer version to latest
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
2022-09-20 20:02:09 +03:00
Chris Patterson 4bb0cbfc9e Enable caching by default for docker builds. 2022-09-20 10:25:45 +05:30
James Moore 4235f787e5 fix cosign command line args 2022-06-28 08:00:44 +01:00
Dan Lorenc c85125e539 Update cosign to 1.9.0
Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
2022-06-21 07:44:50 -05:00
Sampark Sharma c81b7bc3a4 Merge branch 'main' into support-uppercase-repos 2022-05-02 16:19:20 +05:30
Jesse Glick 2885b083c9 Update docker/build-push-action
https://github.com/docker/build-push-action/commit/ac9327eae2b366085ac7f6a2d02df8aa8ead720a to pick up https://github.com/docker/build-push-action/pull/569
2022-04-18 15:39:08 -04:00
dlorenc 970a7b5255 Update the cosign-install action and default version from 1.4.0 to 1.… (#1452)
* Update the cosign-install action and default version from 1.4.0 to 1.5.1.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

* Update to 1.7.1 and the latest cosign-installer action.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
2022-04-10 23:36:23 +05:30
Thomas Boop 1d9d6d7fb0 Update Actions to node16 (#1469)
* update actions

* address merge conflicts

* fix java updates

* update github script

* update cache to v3

Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
2022-03-28 22:40:48 +05:30
Matt Moore 002e1a441e Support uppercase repository names with cosign.
My previous PR didn't properly handle uppercase usernames (or repository names) when signing container images with `cosign`.

It seems that the `docker buildx --push` doesn't like this either, but it's passed the output of the `docker/metadata-action` which seems to lowercase things.

Fixes: https://github.com/actions/starter-workflows/issues/1293

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
2022-03-16 11:48:28 -07:00
Matt Moore 00db25fc1e Enable keyless signing for private repos. (#1295)
Now that cosign 1.4 is out, we can perform keyless signing without panicking on private images (and without `--force` uploading to Rekor).

Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
2021-12-13 15:17:02 -05:00
Matt Moore 60d206d090 Have the starter docker-publish action sign digests. (#1255)
* Have the starter `docker-publish` action sign digests.

This change installs `sigstore/cosign` using the `cosign-installer` action,
and uses sigstore's "keyless" signing process to sign the resulting image
digest using the action's identity token (see: `id-token: write`).

Signed-off-by: Matt Moore <mattomata@gmail.com>

* Fully qualify the digest, add setup-buildx-action as workaround

* Drop --force, add public repo check

* Use built-in 'private' bit
2021-12-06 22:35:19 +05:30
CrazyMax 90ba42df70 Simplify Docker publish workflow (#921)
Co-authored-by: CrazyMax <crazy-max@users.noreply.github.com>
Co-authored-by: Josh Gross <joshmgross@github.com>
2021-06-04 14:23:02 -04:00
Sven Pfleiderer 7b6d03675b Revert "Remove pull request condition"
This reverts commit 9d73235e03.
2021-06-02 15:58:44 -07:00
Sven Pfleiderer 9d73235e03 Remove pull request condition 2021-06-02 15:41:23 -07:00
Sven Pfleiderer 9317366c91 Remove docker tags section to simplify configuration 2021-06-02 14:21:03 -07:00
Sven Pfleiderer 749308b283 Merge branch 'packages-container-registry-workflow' of github.com:pfleidi/starter-workflows into packages-container-registry-workflow 2021-05-26 16:24:12 -07:00
Sven Pfleiderer 6fe53a9ebd Remove context configuration since it's already the default 2021-05-26 15:03:41 -07:00
Sven Pfleiderer aa30f1448e Update ci/docker-publish.yml
Co-authored-by: Bryan Clark <clarkbw@github.com>
2021-05-26 14:07:29 -07:00
Sven Pfleiderer 41a66c656e Use git shas rather than version tags 2021-05-26 13:46:54 -07:00
Sven Pfleiderer b574e6db50 Add notice about third party actions 2021-05-26 10:55:50 -07:00
Sven Pfleiderer 282b038713 Update push docker container to support container registry
Also simplify the existing workflow by replacing shell code with actions
2021-05-26 10:41:53 -07:00
eric sciple 6a69f367db Update starter workflows to specify permissions 2021-04-21 16:32:53 -05:00
Kayla Ngan f75012de65 Revert "Update Publish Docker template to publish to GitHub Container Registry" 2020-11-04 16:32:58 -05:00
Kayla Ngan 01816c2943 Add in account path part 2020-08-31 16:40:03 -04:00
Kayla Ngan b54b703ab1 Update docker-publish.yml 2020-08-31 16:21:54 -04:00
Christopher Schleiden abf7f258d1 Use $default-branch token 2020-07-13 12:12:41 -07:00
Ankit Popli 72408e6c62 fix: use the IMAGE_NAME variable
current behavior:
changing the IMAGE_NAME variable breaks the build

expected behavior:
changing the IMAGE_NAME should not break the build
2020-05-10 13:47:21 +05:30
sineverba 8dc9fb3b3a Fix image name as env var 2020-04-20 08:54:47 +02:00
Jiale Liu efb9b58902 Bug fix : repository name must be lowercase
https://github.com/Licsber/opencv-docker/runs/514244582?check_suite_focus=true
 Push image: 
Error parsing reference: "docker.pkg.github.com/Licsber/opencv-docker/opencv:latest" is not a valid repository/tag: invalid reference format: repository name must be lowercase
My username contains uppercase characters, this make push failed.
So fix the bug by change all uppercase in IMAGE_ID to lowercase.
2020-03-18 12:08:46 +08:00
Konrad Pabjan 2ecb907f13 More updates to starter workflows 2020-02-20 10:01:16 -05:00