Skip to content

Commit 79b9ceb

Browse files
committed
fix(ci): add annotations param to imagetools
1 parent 76d93bd commit 79b9ceb

1 file changed

Lines changed: 9 additions & 8 deletions

File tree

.github/workflows/build.yml

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -186,6 +186,7 @@ jobs:
186186
run: |
187187
# Create the manifest list and push to both registries
188188
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
189+
$(jq -r '.annotations | to_entries[] | "--annotation \(.key)=\(.value)"' <<<"$DOCKER_METADATA_OUTPUT_JSON")
189190
$(printf '${{ env.CONTAINER_IMAGE }}@sha256:%s ' *) \
190191
$(printf 'ghcr.io/${{ env.CONTAINER_IMAGE }}@sha256:%s ' *)
191192
@@ -203,6 +204,14 @@ jobs:
203204
docker buildx imagetools inspect ghcr.io/${{ env.CONTAINER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
204205
echo "::endgroup::"
205206
207+
- name: Cosign sign images (GitHub OIDC)
208+
run: |
209+
cosign sign --yes \
210+
${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
211+
212+
cosign sign --yes \
213+
ghcr.io/${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
214+
206215
- name: Attest docker build (DockerHub)
207216
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a #v3.0.0
208217
with:
@@ -217,14 +226,6 @@ jobs:
217226
subject-digest: ${{ steps.docker_build.outputs.digest }}
218227
push-to-registry: true
219228

220-
- name: Cosign sign images ('^'GitHub OIDC)
221-
run: |
222-
cosign sign --yes \
223-
${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
224-
225-
cosign sign --yes \
226-
ghcr.io/${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
227-
228229
argocd:
229230
if: github.event_name == 'release' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
230231
runs-on: ubuntu-latest

0 commit comments

Comments
 (0)