
Commit 620e54e

committed
fix(ci): skip source-label in annotations
1 parent 3b233cb commit 620e54e

1 file changed

Lines changed: 19 additions & 19 deletions


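--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -183,32 +183,14 @@ jobs:
 run: |
 # Create the manifest list and push to both registries
 docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-$(jq -cr '.labels | to_entries | map("--annotation " + ("index:" + .key + "=" + .value | @sh)) | join(" ")' <<<"$DOCKER_METADATA_OUTPUT_JSON") \
+$(jq -cr '.labels | to_entries | map(select(.key != "org.opencontainers.image.source")) | map("--annotation " + ("index:" + .key + "=" + .value | @sh)) | join(" ")' <<<"$DOCKER_METADATA_OUTPUT_JSON") \
 $(printf '${{ github.repository }}@sha256:%s ' *) \
 $(printf 'ghcr.io/${{ github.repository }}@sha256:%s ' *)
 
 # Get the digest of the created manifest list
 DIGEST=$(docker buildx imagetools inspect ghcr.io/${{ github.repository }}:${{ steps.docker_meta.outputs.version }} --format '{{json .Manifest.Digest}}' | jq -r .)
 echo "digest=$DIGEST" >> $GITHUB_OUTPUT
 
-- name: Inspect images
-run: |
-echo "::group::DockerHub"
-docker buildx imagetools inspect ${{ github.repository }}:${{ steps.docker_meta.outputs.version }}
-echo "::endgroup::"
-
-echo "::group::GitHub Container Registry"
-docker buildx imagetools inspect ghcr.io/${{ github.repository }}:${{ steps.docker_meta.outputs.version }}
-echo "::endgroup::"
-
-- name: Cosign sign images (GitHub OIDC)
-run: |
-cosign sign --yes \
-${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
-
-cosign sign --yes \
-ghcr.io/${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
-
 - name: Attest docker build (DockerHub)
 uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a #v3.0.0
 with:
@@ -223,6 +205,24 @@ jobs:
 subject-digest: ${{ steps.docker_build.outputs.digest }}
 push-to-registry: true
 
+- name: Cosign sign images (GitHub OIDC)
+run: |
+cosign sign --yes \
+${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
+
+cosign sign --yes \
+ghcr.io/${{ github.repository }}@${{ steps.docker_build.outputs.digest }}
+
+- name: Inspect images
+run: |
+echo "::group::DockerHub"
+docker buildx imagetools inspect ${{ github.repository }}:${{ steps.docker_meta.outputs.version }}
+echo "::endgroup::"
+
+echo "::group::GitHub Container Registry"
+docker buildx imagetools inspect ghcr.io/${{ github.repository }}:${{ steps.docker_meta.outputs.version }}
+echo "::endgroup::"
+
 argocd:
 if: github.event_name == 'release' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
 runs-on: ubuntu-latest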
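Review bot: On the rewritten `jq` line in the first hunk, the `@sh` quoting is never honoured, because its output is consumed through an unquoted `$(...)` substitution. The shell word-splits that result but does not re-parse quotes, so the single quotes reach `docker buildx imagetools create` as literal characters and any label value containing whitespace (a title or description, for instance) is split across several arguments. Dropping `org.opencontainers.image.source` does not change that for the remaining labels, so the index annotations that the later signing and attestation steps cover may not be what the metadata step produced. Collecting the arguments in a bash array and expanding it quoted keeps each `index:key=value` as exactly one argument; the sketch below assumes single-line label values and a bash shell, which the existing `<<<` already requires. The step's header lies outside the hunk, so its `shell:` setting could not be checked.

```yaml
run: |
  # … unchanged: "Create the manifest list" comment …
  annotations=()
  while IFS= read -r entry; do
    annotations+=(--annotation "index:${entry}")
  done < <(jq -r '.labels | to_entries[] | select(.key != "org.opencontainers.image.source") | .key + "=" + .value' <<<"$DOCKER_METADATA_OUTPUT_JSON")
  docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
    "${annotations[@]}" \
  # … unchanged: the two printf digest arguments and the DIGEST lookup …
```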
