From 8be43f46e88118950b58af2931eab1092efe84cb Mon Sep 17 00:00:00 2001 From: Katelya <123220557+katelya77@users.noreply.github.com> Date: Sun, 31 Aug 2025 15:01:21 +0800 Subject: [PATCH] Update docker-image.yml --- .github/workflows/docker-image.yml | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index f2b0c1e..9c22e58 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -1,5 +1,4 @@ name: Build & Push Docker image - on: push: branches: @@ -12,15 +11,12 @@ on: paths-ignore: - '**.md' workflow_dispatch: - concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true - env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - jobs: build-and-push: runs-on: ubuntu-latest @@ -29,24 +25,20 @@ jobs: packages: write attestations: write id-token: write - strategy: fail-fast: false matrix: platform: - linux/amd64 - linux/arm64 - steps: - name: Checkout repository uses: actions/checkout@v4 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: version: latest driver-opts: image=moby/buildkit:buildx-stable-1 - - name: Log in to Container Registry if: github.event_name != 'pull_request' uses: docker/login-action@v3 @@ -54,7 +46,6 @@ jobs: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata id: meta uses: docker/metadata-action@v5 @@ -74,7 +65,6 @@ jobs: org.opencontainers.image.created=${{ steps.meta.outputs.created }} org.opencontainers.image.revision=${{ github.sha }} org.opencontainers.image.licenses=MIT - - name: Build Docker image id: build uses: docker/build-push-action@v5 @@ -87,14 +77,12 @@ jobs: cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-${{ matrix.platform }} outputs: | type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }} - - name: Export digest if: github.event_name != 'pull_request' run: | mkdir -p /tmp/digests digest="${{ steps.build.outputs.digest }}" touch "/tmp/digests/${digest#sha256:}" - - name: Upload digest if: github.event_name != 'pull_request' uses: actions/upload-artifact@v4 @@ -103,7 +91,6 @@ jobs: path: /tmp/digests/* if-no-files-found: error retention-days: 1 - merge-images: runs-on: ubuntu-latest permissions: @@ -114,7 +101,6 @@ jobs: needs: - build-and-push if: github.event_name != 'pull_request' - steps: - name: Download digests uses: actions/download-artifact@v4 @@ -122,17 +108,14 @@ jobs: path: /tmp/digests pattern: digests-* merge-multiple: true - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - - name: Log in to Container Registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata id: meta uses: docker/metadata-action@v5 @@ -142,21 +125,23 @@ jobs: type=ref,event=branch type=sha,prefix={{branch}}- type=raw,value=latest,enable={{is_default_branch}} - - name: Create manifest list and push working-directory: /tmp/digests run: | docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *) - + - name: Get multi-arch digest + id: get_digest + run: | + digest=$(docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} --format '{{.Manifest.Digest}}') + echo "digest=$digest" >> $GITHUB_OUTPUT - name: Inspect image run: | docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }} - - name: Generate artifact attestation if: github.event_name != 'pull_request' uses: actions/attest-build-provenance@v1 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - subject-digest: ${{ steps.build.outputs.digest }} + subject-digest: ${{ steps.get_digest.outputs.digest }} push-to-registry: true