mirror of
https://github.com/dashpay/dash.git
synced 2024-12-27 04:52:59 +01:00
e10c5c9579
9178e8a75f
feat: add smob and provenance in release for dockerhub; use jammy; apt remove as possible (pasta) Pull request description: ## Issue being fixed or feature implemented Docker provenance refers to the origin and history of Docker images, including how they were built, modified, and by whom. An SBOM (Software Bill of Materials) is a detailed list of all components in a software application, providing transparency about libraries, dependencies, and versions used, which is crucial for security and compliance. ## What was done? Add SBOM and provenance to docker build; this may allow some level of validation that GitHub actions is actually doing what it says it is. See this for more information https://docs.docker.com/build/ci/github-actions/attestations/ ## How Has This Been Tested? Building with buildx with sbom and provenance flags locally ## Breaking Changes None ## Checklist: _Go over all the following points, and put an `x` in all the boxes that apply._ - [x] I have performed a self-review of my own code - [ ] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_ ACKs for top commit: UdjinM6: utACK9178e8a75f
Tree-SHA512: 6e3f35a0b30f002e2d5d80d6dd18ee554a1c15c62c1d4cbe1185f38977f55a199998515cf5bb9a027670f068f3d56ef33faa062d8c4122a886375d00afe6bf2f
81 lines
2.2 KiB
YAML
81 lines
2.2 KiB
YAML
name: Release to Docker Hub
|
|
|
|
on:
|
|
release:
|
|
types: [published]
|
|
|
|
jobs:
|
|
release:
|
|
name: Release to Docker Hub
|
|
runs-on: ubuntu-22.04
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v2
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
|
|
- name: Login to DockerHub
|
|
uses: docker/login-action@v2
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Set raw tag
|
|
id: get_tag
|
|
run: |
|
|
TAG=${{ github.event.release.tag_name }}
|
|
echo "build_tag=${TAG#v}" >> $GITHUB_OUTPUT
|
|
|
|
- name: Set suffix
|
|
uses: actions/github-script@v6
|
|
id: suffix
|
|
with:
|
|
result-encoding: string
|
|
script: |
|
|
const fullTag = '${{ github.event.release.tag_name }}';
|
|
if (fullTag.includes('-')) {
|
|
const [, fullSuffix] = fullTag.split('-');
|
|
const [suffix] = fullSuffix.split('.');
|
|
return `-${suffix}`;
|
|
} else {
|
|
return '';
|
|
}
|
|
|
|
- name: Set Docker tags and labels
|
|
id: docker_meta
|
|
uses: docker/metadata-action@v4
|
|
with:
|
|
images: dashpay/dashd
|
|
tags: |
|
|
type=match,pattern=v(\d+),group=1
|
|
type=match,pattern=v(\d+.\d+),group=1
|
|
type=match,pattern=v(\d+.\d+.\d+),group=1
|
|
type=match,pattern=v(.*),group=1,suffix=
|
|
flavor: |
|
|
suffix=${{ steps.suffix.outputs.result }},onlatest=true
|
|
|
|
- name: Build and push
|
|
id: docker_build
|
|
uses: docker/build-push-action@v3
|
|
with:
|
|
context: ./contrib/containers/deploy
|
|
file: ./contrib/containers/deploy/Dockerfile.GitHubActions.Release
|
|
push: true
|
|
provenance: mode=max
|
|
sbom: true
|
|
tags: ${{ steps.docker_meta.outputs.tags }}
|
|
labels: ${{ steps.docker_meta.outputs.labels }}
|
|
build-args: |
|
|
TAG=${{ steps.get_tag.outputs.build_tag }}
|
|
GITHUB_REPOSITORY=${{ github.repository }}
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
platforms: linux/amd64,linux/arm64
|
|
|
|
- name: Image digest
|
|
run: echo ${{ steps.docker_build.outputs.digest }}
|