forked from rancher/turtles
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
99b669d
commit 8abe30c
Showing
2 changed files
with
56 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -25,7 +25,14 @@ jobs: | |
| contents: read | ||
| packages: write | ||
| outputs: | ||
| ghcr-images: ${{ steps.ghcr-images.outputs.ghcr-images }} | ||
| multiarch_image: ${{ steps.ghcr-images.outputs.multiarch_image }} | ||
| amd64_image: ${{ steps.ghcr-images.outputs.amd64_image }} | ||
| arm64_image: ${{ steps.ghcr-images.outputs.arm64_image }} | ||
| s390x_image: ${{ steps.ghcr-images.outputs.s390x_image }} | ||
| multiarch_digest: ${{ steps.ghcr-images.outputs.multiarch_digest }} | ||
| arm64_digest: ${{ steps.ghcr-images.outputs.arm64_digest }} | ||
| amd64_digest: ${{ steps.ghcr-images.outputs.amd64_digest }} | ||
| s390x_digest: ${{ steps.ghcr-images.outputs.s390x_digest }} | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
@@ -48,15 +55,36 @@ jobs: | |
| - name: Store list of ghcr images | ||
| id: ghcr-images | ||
| run: | | ||
| output=$(./scripts/images-digest.sh ${{ env.TAG }} ${{ env.REGISTRY }}) | ||
| echo "ghcr-images=$result" >> "$GITHUB_OUTPUT" | ||
| ./scripts/image-digest.sh ${{ env.REGISTRY }} ${{ env.PROD_ORG }} ${{ env.TAG }} | ||
| ghcr-sign: | ||
| runs-on: ubuntu-latest | ||
| needs: [build] | ||
| permissions: | ||
| packages: write | ||
| id-token: write | ||
| strategy: | ||
| matrix: | ||
| images: ${{ needs.build.outputs.ghcr-images }} | ||
| images: [ | ||
| { | ||
| "image":"${{ needs.build.outputs.multiarch_image }}", | ||
| }, | ||
| { | ||
| "image":"${{ needs.build.outputs.amd64_image }}", | ||
| }, | ||
| { | ||
| "image":"${{ needs.build.outputs.arm64_image }}", | ||
| }, | ||
| { | ||
| "image":"${{ needs.build.outputs.s390x_image }}", | ||
| } | ||
| ] | ||
| steps: | ||
| - name: Docker login to ghcr registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ env.USERNAME }} | ||
| password: ${{ env.PASSWORD }} | ||
| - uses: sigstore/[email protected] | ||
| - name: Sign manifests | ||
| env: | ||
|
|
@@ -71,7 +99,24 @@ jobs: | |
| packages: write | ||
| strategy: | ||
| matrix: | ||
| images: ${{ needs.build.outputs.ghcr-images }} | ||
| images: [ | ||
| { | ||
| "image":"${{ needs.build.outputs.multiarch_image }}", | ||
| "digest":"${{ needs.build.outputs.multiarch_digest }}" | ||
| }, | ||
| { | ||
| "image":"${{ needs.build.outputs.amd64_image }}", | ||
| "digest":"${{ needs.build.outputs.amd64_digest }}" | ||
| }, | ||
| { | ||
| "image":"${{ needs.build.outputs.arm64_image }}", | ||
| "digest":"${{ needs.build.outputs.arm64_digest }}" | ||
| }, | ||
| { | ||
| "image":"${{ needs.build.outputs.s390x_image }}", | ||
| "digest":"${{ needs.build.outputs.s390x_digest }}" | ||
| } | ||
| ] | ||
| uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] | ||
| with: | ||
| image: ${{ matrix.images.image }} | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,40 +1,23 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Run your command and capture its output | ||
| output=$(make docker-list-all TAG="$1" REGISTRY="$2") | ||
|
|
||
| # Initialize an empty array to store the results | ||
| results=() | ||
| output=$(make docker-list-all REGISTRY="$1" ORG="$2" TAG="$3") | ||
|
|
||
| # Use a for loop to iterate over each line | ||
| IFS=$'\n' # Set the Internal Field Separator to newline | ||
| line_count=0 # Counter to keep track of the current line | ||
| total_lines=$(echo "$output" | wc -l) # Get the total number of lines | ||
| githubimageoutput=("multiarch_image" "amd64_image" "arm64_image" "s390x_image") | ||
| githubdigestoutput=("multiarch_digest" "amd64_digest" "arm64_digest" "s390x_digest") | ||
|
|
||
| for line in $output; do | ||
| # Run the Docker command and get the digest | ||
| digest=$(docker buildx imagetools inspect "$line" --format '{{json .}}' | jq -r .manifest.digest) | ||
|
|
||
| # Create a JSON object for each image and digest | ||
| result="{\"image\":\"$line\",\"digest\":\"$digest\"}" | ||
|
|
||
| # Append the result to the array | ||
| results+=("$result") | ||
|
|
||
| # Check if it's not the last line, then add a comma and space | ||
| if [ $line_count -lt $((total_lines - 1)) ]; then | ||
| results+=(", ") | ||
| fi | ||
| # Add image name and digest to the output | ||
| echo "${githubimageoutput[$line_count]}=$line" >> "$GITHUB_OUTPUT" | ||
| echo "${githubdigestoutput[$line_count]}=$digest" >> "$GITHUB_OUTPUT" | ||
|
|
||
| # Increment the line counter | ||
| line_count=$((line_count + 1)) | ||
| done | ||
|
|
||
| # Convert the array to a string in the desired format | ||
| output="[${results[*]}]" | ||
|
|
||
| # Remove all newline characters from the final output | ||
| output=$(echo -n "$output" | tr -d '\n') | ||
|
|
||
| # Print the final output | ||
| echo "$output" |