diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 178d506..992b1a0 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -45,14 +45,17 @@ jobs: if: ${{ startsWith(github.ref, 'refs/heads/main') }} run: | echo TAG_NAME=latest >> $GITHUB_ENV + echo IMG_REPOSITORY_NAME=$( echo ${{ github.repository_owner }} | awk '{print tolower($0)}' ) >> $GITHUB_ENV - name: Retrieve tag name (feat branch) if: ${{ startsWith(github.ref, 'refs/heads/feat') }} run: | echo "TAG_NAME=latest-$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV + echo IMG_REPOSITORY_NAME=$( echo ${{ github.repository_owner }} | awk '{print tolower($0)}' ) >> $GITHUB_ENV - name: Retrieve tag name (tag) if: ${{ startsWith(github.ref, 'refs/tags/') }} run: | echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV + echo IMG_REPOSITORY_NAME=$( echo ${{ github.repository_owner }} | awk '{print tolower($0)}' ) >> $GITHUB_ENV - name: Build and push container image if: ${{ inputs.push-image }} id: build-image @@ -63,10 +66,10 @@ jobs: platforms: linux/amd64, linux/arm64 push: true tags: | - ghcr.io/${{github.repository_owner}}/kwasm-operator:${{ env.TAG_NAME }} + ghcr.io/${{ env.IMG_REPOSITORY_NAME }}/kwasm-operator:${{ env.TAG_NAME }} - id: setoutput name: Set output parameters run: | - echo "repository=ghcr.io/${{github.repository_owner}}/kwasm-operator" >> $GITHUB_OUTPUT + echo "repository=ghcr.io/${{ env.IMG_REPOSITORY_NAME }}/kwasm-operator" >> $GITHUB_OUTPUT echo "tag=${{ env.TAG_NAME }}" >> $GITHUB_OUTPUT echo "digest=${{ steps.build-image.outputs.digest }}" >> $GITHUB_OUTPUT diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index c0f0a35..bcd48d0 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -40,9 +40,11 @@ jobs: shell: bash run: | set -e + IMG_REPOSITORY_NAME=$( echo ${{ github.repository_owner }} | awk '{print tolower($0)}' ) + echo IMG_REPOSITORY_NAME=${IMG_REPOSITORY_NAME} >> $GITHUB_ENV DIGEST=$(crane digest \ --platform "linux/${{ matrix.arch }}" \ - ghcr.io/${{ github.repository_owner }}/kwasm-operator@${{ inputs.image-digest }}) + ghcr.io/${IMG_REPOSITORY_NAME}/kwasm-operator@${{ inputs.image-digest }}) echo "PLATFORM_DIGEST=${DIGEST}" >> "$GITHUB_ENV" - name: Create SBOM file @@ -51,7 +53,7 @@ jobs: syft \ -o spdx-json \ --file kwasm-operator-sbom-${{ matrix.arch }}.spdx \ - ghcr.io/${{ github.repository_owner }}/kwasm-operator@${{ env.PLATFORM_DIGEST }} + ghcr.io/${{ env.IMG_REPOSITORY_NAME }}/kwasm-operator@${{ env.PLATFORM_DIGEST }} - name: Sign SBOM file run: | @@ -65,7 +67,7 @@ jobs: run: | cosign attach \ sbom --sbom kwasm-operator-sbom-${{ matrix.arch }}.spdx \ - ghcr.io/${{ github.repository_owner }}/kwasm-operator@${{ env.PLATFORM_DIGEST }} + ghcr.io/${{ env.IMG_REPOSITORY_NAME }}/kwasm-operator@${{ env.PLATFORM_DIGEST }} - name: Sign SBOM file pushed to OCI registry shell: bash @@ -74,7 +76,7 @@ jobs: SBOM_TAG="$(echo ${{ env.PLATFORM_DIGEST }} | sed -e 's/:/-/g').sbom" cosign sign --yes \ - ghcr.io/${{github.repository_owner}}/kwasm-operator:${SBOM_TAG} + ghcr.io/${{ env.IMG_REPOSITORY_NAME }}/kwasm-operator:${SBOM_TAG} - name: Upload SBOMs as artifacts uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 diff --git a/.github/workflows/sign-image.yml b/.github/workflows/sign-image.yml index e010dcf..bf9d9ca 100644 --- a/.github/workflows/sign-image.yml +++ b/.github/workflows/sign-image.yml @@ -25,8 +25,9 @@ jobs: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - + - name: Sign container image run: | + IMG_REPOSITORY_NAME=$( echo ${{ github.repository_owner }} | awk '{print tolower($0)}' ) cosign sign --yes \ - ghcr.io/${{github.repository_owner}}/kwasm-operator@${{ inputs.image-digest }} + ghcr.io/${IMG_REPOSITORY_NAME}/kwasm-operator@${{ inputs.image-digest }}