From a371fcf53d9956a29de7ca40070bdb382d82aecc Mon Sep 17 00:00:00 2001
From: Katelya <123220557+katelya77@users.noreply.github.com>
Date: Sun, 31 Aug 2025 15:40:19 +0800
Subject: [PATCH] Update docker-image.yml

---
 .github/workflows/docker-image.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 890f15f..709edf9 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -78,14 +78,17 @@ jobs:
           cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-${{ matrix.platform }}
           outputs: |
             type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
-          provenance: false  # 已添加，禁用 provenance
-          sbom: false  # 新添加，禁用 SBOM 以确保输出单个 manifest
+          provenance: false
+          sbom: false
       - name: Export digest
         if: github.event_name != 'pull_request'
         run: |
           mkdir -p /tmp/digests
-          digest="${{ steps.build.outputs.digest }}"
-          touch "/tmp/digests/${digest#sha256:}"
+          # 获取构建输出的 digest（可能是 list digest）
+          list_digest="${{ steps.build.outputs.digest }}"
+          # 使用 imagetools inspect 提取内层 manifest digest（假设单平台，所以 Manifests 数组只有一个元素）
+          manifest_digest=$(docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${list_digest} --format '{{json .Manifests}}' | jq -r '.[0].digest')
+          touch "/tmp/digests/${manifest_digest#sha256:}"
       - name: Upload digest
         if: github.event_name != 'pull_request'
         uses: actions/upload-artifact@v4