From a40217cbac3ae4e194c2171ba7e77517f01d7d8b Mon Sep 17 00:00:00 2001 From: kannan-nic <168638714+kannan-nic@users.noreply.github.com> Date: Tue, 7 May 2024 12:41:54 +0530 Subject: [PATCH] Update docker-publish.yml Signed-off-by: kannan-nic <168638714+kannan-nic@users.noreply.github.com> --- .github/workflows/docker-publish.yml | 38 +++------------------------- 1 file changed, 4 insertions(+), 34 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index bfd17b971f..bf031e72ea 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -27,39 +27,9 @@ jobs: id-token: write steps: - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub + name: Login to GitHub Container Registry uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN_DEXSMTP }} - - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - #- name: Sign the published Docker image - # if: ${{ github.event_name != 'pull_request' }} - # env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - # TAGS: ${{ steps.meta.outputs.tags }} - # DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - # run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }}