My previous PR didn't properly handle uppercase usernames (or repository names) when signing container images with `cosign`.
It seems that the `docker buildx --push` doesn't like this either, but it's passed the output of the `docker/metadata-action` which seems to lowercase things.
Fixes: https://github.com/actions/starter-workflows/issues/1293
Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
* Upgrade Rails workflow to true CI
The existing Rails CI example only runs linters, which is not continuous
integration. This change brings the Rails example workflow up to par
with the other web framework CI flows, like Django.
This example is optimized for Rails 7, which does not include NodeJS,
webpack, or yarn by default. No Rails application code changes are
required for this flow to run the tests, and both minitest and rspec are
supported via the `test` rake task.
* add Rails icon
* use env vars, hopefully
* use the full hash for ruby/setup-ruby
* remove PORT since services cannot use it
* stop repeating identical step envs
* resolve env var declaration error
* update setup-ruby to the SHA of v1.92
* use setup-ruby SHA for lint job too
Co-authored-by: Bishal Prasad <bishal-pdmsft@github.com>
Now that cosign 1.4 is out, we can perform keyless signing without panicking on private images (and without `--force` uploading to Rekor).
Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
* Have the starter `docker-publish` action sign digests.
This change installs `sigstore/cosign` using the `cosign-installer` action,
and uses sigstore's "keyless" signing process to sign the resulting image
digest using the action's identity token (see: `id-token: write`).
Signed-off-by: Matt Moore <mattomata@gmail.com>
* Fully qualify the digest, add setup-buildx-action as workaround
* Drop --force, add public repo check
* Use built-in 'private' bit
The `gradle-build-action` provides enhanced execution and caching functionality for Gradle.
This change updates starter workflows to use `v2.0.0` of `gradle-build-action`.
Improvements over invoking Gradle directly include:
- Easier to run the workflow with a particular Gradle version
- More sophisticated and more efficient caching of Gradle User Home between invocations
- Detailed reporting of cache usage and cache configuration options
- Automatic capture of Build Scan links
Co-authored-by: Josh Gross <joshmgross@github.com>