3434 type : string
3535 outputs :
3636 fully-qualified-image-name :
37- value : ${{ jobs.sanitize-image-name .outputs.fully-qualified-image-name }}
37+ value : ${{ jobs.sanitize-inputs .outputs.fully-qualified-image-name }}
3838 image-basename :
39- value : ${{ jobs.sanitize-image-name .outputs.image-basename }}
39+ value : ${{ jobs.sanitize-inputs .outputs.image-basename }}
4040 digest :
4141 value : ${{ jobs.merge-image.outputs.digest }}
42+ runner-arch :
43+ value : ${{ jobs.sanitize-inputs.outputs.runner-arch }}
4244 secrets :
4345 DOCKER_REGISTRY_USERNAME :
4446 required : true
4850permissions : {}
4951
5052jobs :
51- sanitize-image-name :
53+ sanitize-inputs :
5254 name : 🧼
53- uses : ./.github/workflows/wc-sanitize-image-name .yml
55+ uses : ./.github/workflows/wc-sanitize-inputs .yml
5456 with :
5557 image-name : ${{ inputs.image-name }}
5658 registry : ${{ inputs.registry }}
5759 runner-labels : ${{ inputs.runner-labels }}
5860
5961 build-push :
60- name : ${{ matrix. runner }}
62+ name : Build ( ${{ needs.sanitize-inputs.outputs. runner-arch }})
6163 strategy :
6264 matrix :
6365 runner : ${{ (startsWith(inputs.build-test-runner-labels, '[') && endsWith(inputs.build-test-runner-labels, ']')) && fromJson(inputs.build-test-runner-labels) || inputs.build-test-runner-labels }}
6466 runs-on : ${{ matrix.runner }}
65- needs : sanitize-image-name
67+ needs : sanitize-inputs
6668 permissions :
6769 contents : read
6870 packages : write
8789 DOCKER_METADATA_SET_OUTPUT_ENV : false
8890 id : metadata
8991 with :
90- images : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}
92+ images : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}
9193 - name : Generate image label for devcontainer.metadata
9294 run : |
9395 set -Eeuo pipefail
@@ -105,16 +107,14 @@ jobs:
105107 id : devcontainer-metadata
106108 - run : echo "git-commit-epoch=$(git log -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
107109 id : devcontainer-epoch
108- - run : echo "arch=$(echo "${RUNNER_ARCH}" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT"
109- id : devcontainer-arch
110110 - uses : docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
111111 id : build-and-push
112112 env :
113113 SOURCE_DATE_EPOCH : ${{ steps.devcontainer-epoch.outputs.git-commit-epoch }}
114114 with :
115115 file : ${{ inputs.dockerfile }}
116116 push : true
117- tags : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}
117+ tags : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}
118118 labels : |
119119 ${{ steps.metadata.outputs.labels }}
120120 ${{ steps.devcontainer-metadata.outputs.label }}
@@ -130,19 +130,17 @@ jobs:
130130 DIGEST : ${{ steps.build-and-push.outputs.digest }}
131131 - uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
132132 with :
133- name : digests-${{ needs.sanitize-image-name .outputs.image-basename }}-${{ steps.devcontainer-arch .outputs.arch }}
133+ name : digests-${{ needs.sanitize-inputs .outputs.image-basename }}-${{ needs.sanitize-inputs .outputs.runner- arch }}
134134 path : ${{ runner.temp }}/digests/*
135135 if-no-files-found : error
136136 retention-days : 1
137137
138138 merge-image :
139139 name : 🔗 Merge Image
140- # Support either a plain single label (e.g. ubuntu-latest) OR a JSON array of labels.
141- # If the input starts & ends with brackets we attempt JSON parsing; otherwise we pass the raw string.
142140 runs-on : ${{ (startsWith(inputs.runner-labels, '[') && endsWith(inputs.runner-labels, ']')) && fromJson(inputs.runner-labels) || inputs.runner-labels }}
143141 needs :
144142 - build-push
145- - sanitize-image-name
143+ - sanitize-inputs
146144 permissions :
147145 actions : read
148146 attestations : write
@@ -159,13 +157,10 @@ jobs:
159157 with :
160158 disable-sudo : true
161159 egress-policy : audit
162- - uses : actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
163- with :
164- persist-credentials : false
165160 - uses : actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
166161 with :
167162 path : ${{ runner.temp }}/digests
168- pattern : digests-${{ needs.sanitize-image-name .outputs.image-basename }}-*
163+ pattern : digests-${{ needs.sanitize-inputs .outputs.image-basename }}-*
169164 merge-multiple : true
170165 - uses : docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
171166 with :
@@ -180,7 +175,7 @@ jobs:
180175 env :
181176 DOCKER_METADATA_ANNOTATIONS_LEVELS : index
182177 with :
183- images : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}
178+ images : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}
184179 # Generate Docker tags based on the following events/attributes.
185180 # To prevent unnecessary image builds we simulate the `type=edge` tag
186181 # with `type=raw,value=edge,enable=...` which only enables the tag
@@ -208,7 +203,7 @@ jobs:
208203 $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "${METADATA_JSON}") \
209204 $(printf "${CONTAINER}@sha256:%s " *)
210205 env :
211- CONTAINER : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}
206+ CONTAINER : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}
212207 METADATA_JSON : ${{ steps.metadata.outputs.json }}
213208 shell : bash
214209 working-directory : ${{ runner.temp }}/digests
@@ -219,44 +214,44 @@ jobs:
219214 output=$(docker buildx imagetools inspect "${CONTAINER}" --format '{{json .}}')
220215 echo "digest=$(echo "$output" | jq -r '.manifest.digest // .manifests[0].digest')" >> "$GITHUB_OUTPUT"
221216 env :
222- CONTAINER : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
217+ CONTAINER : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
223218 - run : |
224219 set -Eeuo pipefail
225220 wget -O diffoci https://github.com/reproducible-containers/diffoci/releases/download/v0.1.7/diffoci-v0.1.7.linux-amd64
226221 chmod +x diffoci
227222 ./diffoci diff --semantic --report-file=container-diff.json "${FROM_CONTAINER}" "${TO_CONTAINER}" || true
228223 env:
229- FROM_CONTAINER: ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}:edge
230- TO_CONTAINER: ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
224+ FROM_CONTAINER: ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}:edge
225+ TO_CONTAINER: ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
231226 - uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
232227 with :
233- name : container-diff-${{ needs.sanitize-image-name .outputs.image-basename }}
228+ name : container-diff-${{ needs.sanitize-inputs .outputs.image-basename }}
234229 path : container-diff.json
235230 retention-days : 10
236231 - uses : philips-software/amp-devcontainer/.github/actions/container-size-diff@ab0940b1e92f3ccee257d5984166c63c8cfe6a9d # v6.5.0
237232 id : container-size-diff
238233 with :
239- from-container : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}:edge
240- to-container : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
234+ from-container : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}:edge
235+ to-container : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}:${{ steps.metadata.outputs.version }}
241236 - uses : marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
242237 with :
243- header : container-size-diff-${{ needs.sanitize-image-name .outputs.image-basename }}
238+ header : container-size-diff-${{ needs.sanitize-inputs .outputs.image-basename }}
244239 message : |
245240 ${{ steps.container-size-diff.outputs.size-diff-markdown }}
246241 - uses : anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
247242 with :
248- image : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}@${{ steps.inspect-manifest.outputs.digest }}
243+ image : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}@${{ steps.inspect-manifest.outputs.digest }}
249244 dependency-snapshot : true
250245 - uses : actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
251246 with :
252- subject-name : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}
247+ subject-name : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}
253248 subject-digest : ${{ steps.inspect-manifest.outputs.digest }}
254249 show-summary : false
255250 push-to-registry : true
256251 - name : Verify attestation
257252 run : gh attestation verify --repo "${GH_REPO}" "oci://${FULLY_QUALIFIED_IMAGE_NAME}@${DIGEST}"
258253 env :
259254 DIGEST : ${{ steps.inspect-manifest.outputs.digest }}
260- FULLY_QUALIFIED_IMAGE_NAME : ${{ needs.sanitize-image-name .outputs.fully-qualified-image-name }}
255+ FULLY_QUALIFIED_IMAGE_NAME : ${{ needs.sanitize-inputs .outputs.fully-qualified-image-name }}
261256 GH_REPO : ${{ github.repository }}
262257 GH_TOKEN : ${{ github.token }}
0 commit comments