From c14d4ce3465a0ed72e6816d3957bdbb10bcdd5c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Cornell=C3=A0?=
Date: Sun, 15 Sep 2024 16:11:36 +0200
Subject: [PATCH] Add attestation and fix image README push to Docker Hub

---
 .github/workflows/main.yml | 43 +++++++++++++++++++++++++++++++-------
 README.md                  |  7 ++++---
 2 files changed, 39 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1a7c936..c92b48d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -9,9 +9,10 @@ on:
     - cron: "46 2 * * 1"
 
 env:
+  REGISTRY: "docker.io"
+  DOCKERHUB_ORG: &dockerhub-org "ohmyzsh"
   LATEST_ZSH: "5.9"
-  DOCKERHUB_ORG: "ohmyzsh"
-  MAIN_OMZ_BRANCH: "master" # TODO: we need to change master with main when migrating the branch
+  LATEST_OMZ: "master" # TODO: we need to change master with main when migrating the branch
 
 jobs:
   get-omz-versions:
@@ -23,12 +24,14 @@ jobs:
       - name: Get Oh My Zsh versions
         id: versions
         run: |
-          OMZ_VERSIONS=$(curl -sL https://api.github.com/repos/ohmyzsh/ohmyzsh/tags | jq -c '["${{ env.MAIN_OMZ_BRANCH }}",.[].name]')
+          OMZ_VERSIONS=$(curl -sL https://api.github.com/repos/ohmyzsh/ohmyzsh/tags | jq -c '["${{ env.LATEST_OMZ }}",.[].name]')
           echo "versions=$OMZ_VERSIONS" >> $GITHUB_OUTPUT
 
   build-omz:
     name: Build Oh My Zsh Docker image
     runs-on: ubuntu-latest
+    env:
+      IMAGE_NAME: *dockerhub-org/ohmyzsh
     needs:
       - get-omz-versions
     strategy:
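Review bot: `IMAGE_NAME: *dockerhub-org/ohmyzsh` in the `build-omz` job env (and `*dockerhub-org/zsh` in `build-zsh`, two hunks down) will not yield `ohmyzsh/ohmyzsh`: a YAML alias cannot be concatenated with trailing text, and because `/` is a legal anchor-name character the token is read as an alias to a non-existent anchor named `dockerhub-org/ohmyzsh`, so the file is likely rejected as invalid. GitHub's workflow parser also did not expand anchors/aliases at all when this was written, which makes the `&dockerhub-org` anchor on `DOCKERHUB_ORG` unusable regardless. Since the `env` context is not available in job-level `env:`, the portable fix is the literal `IMAGE_NAME: ohmyzsh/ohmyzsh` (and `IMAGE_NAME: ohmyzsh/zsh`), with the anchor dropped from `DOCKERHUB_ORG: "ohmyzsh"`.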
@@ -53,12 +56,15 @@ jobs:
       - name: Get tags and versions
         id: tags
         run: |
-          tags=${{ env.DOCKERHUB_ORG }}/ohmyzsh:${{ matrix.omz-version }}
-          if [ ${{matrix.omz-version }} = ${{ env.MAIN_OMZ_BRANCH }} ]; then
-            tags="${tags},${{ env.DOCKERHUB_ORG }}/ohmyzsh:latest"
+          tags="${{ env.IMAGE_NAME }}:${{ matrix.omz-version }}"
+          tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.omz-version }}"
+          if [ ${{matrix.omz-version }} = ${{ env.LATEST_OMZ }} ]; then
+            tags="${tags},${{ env.IMAGE_NAME }}:latest"
+            tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
           fi
           echo "tags=$tags" >> $GITHUB_OUTPUT
       - name: Build and push images
+        id: push
         uses: docker/build-push-action@v5
         with:
           context: ohmyzsh
@@ -66,10 +72,19 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           build-args: "OMZ_VERSION=${{ matrix.omz-version }}"
           tags: ${{ steps.tags.outputs.tags }}
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        id: attest
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
 
   build-zsh:
     name: Build Zsh Docker images
     runs-on: ubuntu-latest
+    env:
+      IMAGE_NAME: *dockerhub-org/zsh
     strategy:
       matrix:
         zsh-version:
@@ -127,12 +142,15 @@ jobs:
       - name: Get tags and versions
         id: tags
         run: |
-          tags=${{ env.DOCKERHUB_ORG }}/zsh:${{ matrix.zsh-version }}
+          tags="${{ env.IMAGE_NAME }}:${{ matrix.zsh-version }}"
+          tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.zsh-version }}"
           if [ ${{matrix.zsh-version }} = ${{ env.LATEST_ZSH }} ]; then
-            tags="${tags},${{ env.DOCKERHUB_ORG }}/zsh:latest"
+            tags="${tags},${{ env.IMAGE_NAME }}:latest"
+            tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
           fi
           echo "tags=$tags" >> $GITHUB_OUTPUT
       - name: Build and push images
+        id: push
         uses: docker/build-push-action@v5
         with:
           context: zsh
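Review bot: The rewritten `tags=` and `if [ ${{matrix.omz-version }} = ...` lines still expand `${{ matrix.omz-version }}` directly into the `run:` shell, and that matrix is populated from the GitHub API tag list fetched in `get-omz-versions`, so a tag name containing shell metacharacters would be interpreted as code rather than data. Exposing it through the step's `env:` (`OMZ_VERSION: ${{ matrix.omz-version }}`) and using `"$OMZ_VERSION"` in the script keeps it a plain string; the `build-zsh` tag hunk below has the same shape, though its `zsh-version` values are a static list and therefore lower risk. Separately, `ohmyzsh/ohmyzsh:TAG` and `docker.io/ohmyzsh/ohmyzsh:TAG` name the same Docker Hub reference, so every tag is now pushed twice; harmless, but a one-line comment explaining why both forms are listed would help the next reader.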
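Review bot: The new `Attest` step runs unconditionally while the preceding push is gated on `push: ${{ github.event_name != 'pull_request' }}`, so on pull_request runs it attempts `push-to-registry: true` for an image that was never pushed (and `steps.push.outputs.digest` may be empty), failing the job; add `if: ${{ github.event_name != 'pull_request' }}` to the step. `actions/attest-build-provenance` also requires `id-token: write` and `attestations: write` in the workflow's `permissions:`, which this patch does not touch — if the file has no `permissions:` block the default token will not suffice. The same points apply to the Attest step added to `build-zsh` in the next hunk. Given the step mints signed provenance, pinning the new action to a commit SHA rather than the mutable `@v1` tag would be prudent.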
@@ -140,6 +158,13 @@ jobs:
           push: ${{ github.event_name != 'pull_request' }}
           build-args: "ZSH_VERSION=${{ matrix.zsh-version }}"
           tags: ${{ steps.tags.outputs.tags }}
+      - name: Attest
+        uses: actions/attest-build-provenance@v1
+        id: attest
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
 
   update-image-readme:
     needs:
@@ -148,6 +173,8 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'pull_request' }}
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
       - name: Update image READMEs
         env:
           DH_USERNAME: ${{ secrets.DOCKERHUB_USER }}
diff --git a/README.md b/README.md
index 6e1e925..82d88ef 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # Oh My Zsh docker images
 
+[![Publish workflow](https://github.com/ohmyzsh/docker/actions/workflows/main.yml/badge.svg)](https://github.com/ohmyzsh/docker/actions/workflows/main.yml)
+
 This repository holds the Dockerfile files for the various docker images hosted
 in the [ohmyzsh organization at Docker Hub](https://hub.docker.com/u/ohmyzsh).
 
@@ -12,8 +14,7 @@ Inside this folder there needs to be:
 - `Dockerfile` for building the Docker image. See [`ohmyzsh/ohmyzsh`](ohmyzsh/Dockerfile)
   for an example of how to set it up, including metadata `LABEL`s.
-- `build.sh` file which receives the Docker Hub organization name as the first argument,
-  and builds all the tags for the given image.
-
 - `README.md` which provides information regarding the Docker image. If the image has
   a README.md file, this will be used to automatically update the README in Docker Hub.
 
+
+There also needs to be a separate build job for each image in the [`.github/workflows/main.yml`](https://github.com/ohmyzsh/docker/actions/workflows/main.yml) file.