11name : publish
22on :
3+ workflow_dispatch :
34 workflow_call :
45 inputs :
56 image_tag :
67 default : " devel"
78 required : false
89 type : string
10+ registry :
11+ default : " docker.io/intel"
12+ required : false
13+ type : string
914env :
1015 no_base_check : " ['intel-qat-plugin-kerneldrv', 'intel-idxd-config-initcontainer', 'crypto-perf', 'opae-nlb-demo']"
1116
@@ -20,27 +25,27 @@ jobs:
2025 fail-fast : false
2126 matrix :
2227 image :
23- - intel-fpga-admissionwebhook
24- - intel-fpga-initcontainer
25- - intel-gpu-initcontainer
28+ # - intel-fpga-admissionwebhook
29+ # - intel-fpga-initcontainer
30+ # - intel-gpu-initcontainer
2631 - intel-gpu-plugin
27- - intel-fpga-plugin
28- - intel-qat-initcontainer
29- - intel-qat-plugin
30- - intel-deviceplugin-operator
31- - intel-sgx-admissionwebhook
32- - intel-sgx-plugin
33- - intel-sgx-initcontainer
34- - intel-dsa-plugin
35- - intel-iaa-plugin
36- - intel-idxd-config-initcontainer
37- - intel-dlb-plugin
38- - intel-dlb-initcontainer
39- - intel-xpumanager-sidecar
32+ # - intel-fpga-plugin
33+ # - intel-qat-initcontainer
34+ # - intel-qat-plugin
35+ # - intel-deviceplugin-operator
36+ # - intel-sgx-admissionwebhook
37+ # - intel-sgx-plugin
38+ # - intel-sgx-initcontainer
39+ # - intel-dsa-plugin
40+ # - intel-iaa-plugin
41+ # - intel-idxd-config-initcontainer
42+ # - intel-dlb-plugin
43+ # - intel-dlb-initcontainer
44+ # - intel-xpumanager-sidecar
4045
4146 # # Demo images
42- - crypto-perf
43- - opae-nlb-demo
47+ # - crypto-perf
48+ # - opae-nlb-demo
4449 steps :
4550 - uses : actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
4651 - uses : actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
@@ -52,21 +57,43 @@ jobs:
5257 env :
5358 IMAGE_NAME : ${{ matrix.image }}
5459 run : |
55- REG=intel/ make ${IMAGE_NAME} BUILDER=docker
60+ ORG=${{ inputs.registry }} TAG=${{ inputs.image_tag }} make ${IMAGE_NAME} BUILDER=docker
61+ - name : List images
62+ run : docker images
5663 - name : Trivy scan for image
5764 uses : aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
5865 with :
5966 scan-type : image
60- image-ref : intel /${{ matrix.image }}:${{ inputs.image_tag }}
67+ image-ref : ${{ inputs.registry }} /${{ matrix.image }}:${{ inputs.image_tag }}
6168 exit-code : 1
6269 - name : Test image base layer
6370 # Don't run base layer check for selected images
6471 if : ${{ !contains(fromJson(env.no_base_check), matrix.image) }}
65- run : IMG=intel /${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker
72+ run : IMG=${{ inputs.registry }} /${{ matrix.image }}:${{ inputs.image_tag }} make test-image-base-layer BUILDER=docker
6673 - name : Login
6774 uses : docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
6875 with :
76+ registry : ghcr.io
6977 username : ${{ secrets.DOCKERHUB_USER }}
7078 password : ${{ secrets.DOCKERHUB_PASS }}
71- - name : Push
72- run : docker push intel/${{ matrix.image }}:${{ inputs.image_tag }}
79+ - name : Push & Pull
80+ run : |
81+ docker push ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
82+ docker pull ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
83+ - name : Get image digest
84+ if : ${{ inputs.image_tag != 'devel' }}
85+ id : digest
86+ run : |
87+ echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT
88+ - name : Install cosign
89+ if : ${{ inputs.image_tag != 'devel' }}
90+ uses : sigstore/cosign-installer@v3.6.0
91+ - name : Keyless image sign
92+ if : ${{ inputs.image_tag != 'devel' }}
93+ run : |
94+ echo ${{ steps.digest.outputs.image_sha }}
95+ cosign sign --yes ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }}
96+ # cosign sign --yes ${{ steps.digest.outputs.image_sha }}
97+ # - name: Verify the image signing
98+ # run: |
99+ # cosign verify --rekor-url "https://rekor.sigstore.dev/" ${{ steps.digest.outputs.image_sha }} --certificate-identity "https://github.com/saintmalik/sign-container-images/.github/workflows/keyless.yaml@refs/heads/main" --certificate-oidc-issuer "https://token.actions.githubusercontent.com" | jq .
0 commit comments