Skip to content

Move Podman login to Docker location for Cosign #87

Move Podman login to Docker location for Cosign

Move Podman login to Docker location for Cosign #87

Workflow file for this run

name: build-custom-silverblue
on:
pull_request:
merge_group:
schedule:
- cron: '5 3 * * *' # 3am-ish UTC everyday (timed against official fedora container pushes)
workflow_dispatch:
jobs:
build_custom_silverblue:
name: main
runs-on: ubuntu-24.04
permissions:
contents: read
packages: write
id-token: write
strategy:
fail-fast: false
steps:
# Checkout push-to-registry action GitHub repository

Check failure on line 21 in .github/workflows/build.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/build.yaml

Invalid workflow file

You have an error in your yaml syntax on line 21
- name: Checkout Push to Registry action
uses: actions/checkout@v4
# https://github.com/marketplace/actions/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/[email protected]
with:
cosign-release: 'v2.4.0'
# Build image using Buildah action
- name: Build Image
id: build_image
uses: redhat-actions/buildah-build@v2
with:
containerfiles: |
./Containerfile
image: ghcr.io/samhclark/custom-silverblue
tags: |
${{ github.sha }}
40
oci: false
- name: Push To GHCR
uses: redhat-actions/push-to-registry@v2
id: push
if: github.event_name != 'pull_request'
with:
image: ${{ steps.build_image.outputs.image }}
tags: ${{ steps.build_image.outputs.tags }}
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.actor }}
password: ${{ github.token }}
extra-args: |
--disable-content-trust
# - name: Login to GitHub Container Registry
# uses: docker/login-action@v3
# if: github.event_name != 'pull_request'
# with:
# registry: ghcr.io
# username: ${{ github.actor }}
# password: ${{ secrets.GITHUB_TOKEN }}
-name: Copy Podman login to Docker location for Cosign
if: github.event_name != 'pull_request'
run: |
cat /run/containers/0/auth.json > ~/.docker/config.json
- name: Sign the published OCI image
if: ${{ github.event_name != 'pull_request' }}
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
IMAGE: ${{ steps.build_image.outputs.image }}
TAGS: ${{ steps.build_image.outputs.tags }}
DIGEST: ${{ steps.push.outputs.digest }}
SIGSTORE_ID_TOKEN:
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I {} cosign sign --yes ${IMAGE}:{}@${DIGEST}
- name: Echo outputs
if: github.event_name != 'pull_request'
run: |
echo "${{ toJSON(steps.push.outputs) }}"