Switch to buildx to create sbom.

MikeNeilson · MikeNeilson · commit f31573280db4 · 2025-05-14T13:38:07.000Z
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -46,7 +46,7 @@ jobs:
         packages: write
         contents: write
     outputs:
-      api_image: ${{steps.build_image.outputs.api_image}}
+      api_image: ${{steps.set_image.outputs.api_image}}
       migration_image: ${{steps.migration-publish.outputs.image}}
     steps:
       - name: checkout code
@@ -64,7 +64,10 @@ jobs:
         run: echo "VERSION=${{inputs.branch}}-nightly" >> $GITHUB_ENV
       - name: Set version
         if: inputs.nightly == false
-        run: echo "VERSION=${{inputs.branch}}" >> $GITHUB_ENV
+        run: |
+          echo "VERSION=${{inputs.branch}}" >> $GITHUB_ENV
+          REPO=`echo "${{github.repository}}" | tr  '[:upper:]' '[:lower:]'`
+          echo "REPO=$REPO" >> $GITHUB_ENV
       - name: show version
         run: echo ${VERSION}
       - name: build war
@@ -77,6 +80,19 @@ jobs:
           tag_name: ${{env.VERSION}}
           generate_release_notes: true
           token: ${{ secrets.token != null && secrets.token || secrets.GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3.10.0
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5.7.0
+        with:
+          images: |
+            ${{secrets.registry != null && secrets.registry ||secrets.HEC_PUB_REGISTRY}}/cwms/data-api
+            ghcr.io/${REPO}
+          tags: |
+            type=sha
+            type=ref,event=tag
+            type=schedule,pattern=nightly
       - name: Log in to the Container registry
         id: login-ghcr
         uses: docker/login-action@v3.3.0
@@ -91,21 +107,15 @@ jobs:
           registry: ${{ secrets.registry != null && secrets.registry ||secrets.HEC_PUB_REGISTRY }}
           username: ${{ secrets.registry_user != null && secrets.registry_user || secrets.ALT_REG_USER }}
           password: ${{ secrets.registry_password != null && secrets.registry_password || secrets.ALT_REG_PASSWORD }}
-      - name: Build docker image
-        id: build_image
-        env:
-          IMAGE_TAG: ${{env.VERSION}}
-          ALT_REGISTRY: ${{secrets.ALT_REGISTRY}}
-          HEC_PUB_REGISTRY: ${{secrets.HEC_PUB_REGISTRY}}
+      - name: Build and push
+        uses: docker/build-push-action@v6.16.0
+        with:
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}      
+      - name: Set Output Image
+        id: set_image
         run: |
-          HEC_PUB_REGISTRY="${{secrets.registry != null && secrets.registry ||secrets.HEC_PUB_REGISTRY}}"
-          REPO=`echo "${{github.repository}}" | tr  '[:upper:]' '[:lower:]'`
-          echo "REPO=$REPO" >> $GITHUB_ENV
-          docker build -t cda:build-latest .
-          docker tag cda:build-latest ghcr.io/${REPO}:$VERSION
-          docker tag cda:build-latest $HEC_PUB_REGISTRY/cwms/data-api:$VERSION
-          docker push $HEC_PUB_REGISTRY/cwms/data-api:$VERSION
-          docker push ghcr.io/${REPO}:$VERSION
           echo "api_image=ghcr.io/${REPO}:$VERSION" >> $GITHUB_OUTPUT
       - name: Setup Database Migration Image
         id: migration
