almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Add image_uri output in the build-push-image workflow

Browse source 
And use it when getting the container image to build `.rpm` and `.deb` packages.
This commit is contained in:
Alexis Métaireau 2025-04-25 17:23:06 +02:00
parent 59d3bba835
commit b78f30527c
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
2 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.github/workflows/build-push-image.yml vendored
View file

@ -29,6 +29,10 @@ on:
secrets: secrets:
registry_token: registry_token:
required: true required: true
outputs:
image_uri:
description: "The published container image location, with the tag and checksum"
value: ${{ jobs.merge.outputs.image_uri }}
jobs: jobs:
lint: lint:
@ -152,6 +156,7 @@ jobs:
debian_archive_date: ${{ needs.build.outputs.debian_archive_date }} debian_archive_date: ${{ needs.build.outputs.debian_archive_date }}
source_date_epoch: ${{ needs.build.outputs.source_date_epoch }} source_date_epoch: ${{ needs.build.outputs.source_date_epoch }}
image: ${{ needs.build.outputs.image }} image: ${{ needs.build.outputs.image }}
image_uri: ${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.build.outputs.tag }}@${{ steps.image.outputs.digest_root }}"
tag: ${{ needs.build.outputs.tag }} tag: ${{ needs.build.outputs.tag }}
digest_root: ${{ steps.image.outputs.digest_root }} digest_root: ${{ steps.image.outputs.digest_root }}
digest_amd64: ${{ steps.image.outputs.digest_amd64 }} digest_amd64: ${{ steps.image.outputs.digest_amd64 }}
@ -295,6 +300,6 @@ jobs:
- name: Sign container - name: Sign container
run: |- run: |-
export IMAGE_URI="${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.merge.outputs.tag }}@${{ needs.merge.outputs.digest_root }}" export IMAGE_URI="${{ needs.merge.image_uri }}"
cosign sign -d --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI" cosign sign --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI"
shell: bash shell: bash

15
.github/workflows/ci.yml vendored
View file

@ -205,12 +205,17 @@ jobs:
id: date id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Restore container cache - name: Install Cosign
uses: actions/cache/restore@v4 uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with: with:
key: v5-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container_helpers/*', 'install/common/build-image.py') }} cosign-release: 'v2.5.0'
path: share/container.tar
fail-on-cache-miss: true - name: Get the container image from the registry
run: |-
cosign save ${{ needs.build-container-image.outputs.image_uri }} --dir tmp
cd tmp
tar -cvf ../share/container.tar
cd ..
- name: Build Dangerzone .deb - name: Build Dangerzone .deb
run: | run: |