almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 09:52:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

Add image_uri output in the build-push-image workflow

Browse source 
And use it when getting the container image to build `.rpm` and `.deb` packages.
This commit is contained in:
Alexis Métaireau 2025-04-25 17:23:06 +02:00
parent 59d3bba835
commit b78f30527c
No known key found for this signature in database
GPG key ID: C65C7A89A8FFC56E
2 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.github/workflows/build-push-image.yml vendored
View file

@ -29,6 +29,10 @@ on:
secrets:
registry_token:
required: true
outputs:
image_uri:
description: "The published container image location, with the tag and checksum"
value: ${{ jobs.merge.outputs.image_uri }}
jobs:
lint:
@ -152,6 +156,7 @@ jobs:
debian_archive_date: ${{ needs.build.outputs.debian_archive_date }}
source_date_epoch: ${{ needs.build.outputs.source_date_epoch }}
image: ${{ needs.build.outputs.image }}
image_uri: ${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.build.outputs.tag }}@${{ steps.image.outputs.digest_root }}"
tag: ${{ needs.build.outputs.tag }}
digest_root: ${{ steps.image.outputs.digest_root }}
digest_amd64: ${{ steps.image.outputs.digest_amd64 }}
@ -295,6 +300,6 @@ jobs:
- name: Sign container
run: |-
export IMAGE_URI="${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.merge.outputs.tag }}@${{ needs.merge.outputs.digest_root }}"
cosign sign -d --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI"
export IMAGE_URI="${{ needs.merge.image_uri }}"
cosign sign --yes --key=${{ inputs.key_name }}.key "$IMAGE_URI"
shell: bash

15
.github/workflows/ci.yml vendored
View file

@ -205,13 +205,18 @@ jobs:
id: date
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
- name: Restore container cache
uses: actions/cache/restore@v4
- name: Install Cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a
with:
key: v5-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container_helpers/*', 'install/common/build-image.py') }}
path: share/container.tar
fail-on-cache-miss: true
cosign-release: 'v2.5.0'
- name: Get the container image from the registry
run: |-
cosign save ${{ needs.build-container-image.outputs.image_uri }} --dir tmp
cd tmp
tar -cvf ../share/container.tar
cd ..
- name: Build Dangerzone .deb
run: |
./dev_scripts/env.py --distro ${{ matrix.distro }} \