From 7b62b4e8658c0c96992ff3be903257dfd4b7e0e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hampus=20N=C3=A4sstr=C3=B6m?=
Date: Wed, 3 Apr 2024 11:46:33 +0200
Subject: [PATCH] Remove cosign from docker workflow (#13)
* Updated nomad-oasis.zip with lowercase organization name
* Removed cosign from docker-publish.yml
---------
Co-authored-by: Adam Fekete
---
.github/workflows/docker-publish.yml | 63 +++++---------------------
nomad-oasis.zip | Bin 4918 -> 4916 bytes
2 files changed, 12 insertions(+), 51 deletions(-)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index a22ccf3..ac014b8 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -18,84 +18,45 @@ on: workflow_dispatch: env: - # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - # github.repository as / IMAGE_NAME: ${{ github.repository }} jobs: - build: - runs-on: ubuntu-latest permissions: contents: read packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - steps: - name: Checkout repository uses: actions/checkout@v3 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 with: - cosign-release: 'v2.1.1' - - # Set up BuildKit Docker container builder to be able to build - # multi-platform images and export cache - # https://github.com/docker/setup-buildx-action + submodules: True + - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/setup-buildx-action@v3 + + - name: Login + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action + - name: Extract Docker metadata id: meta - uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image + + - name: Build and push id: build-and-push - uses: 
docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 + uses: docker/build-push-action@v5 with: context: . push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha - cache-to: type=gha,mode=max - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - TAGS: ${{ steps.meta.outputs.tags }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + cache-to: type=gha,mode=max \ No newline at end of file 
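Review bot: The four Docker actions in the new steps are referenced by mutable major tags (`docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`) where the removed lines pinned each one to a full commit SHA, and this job holds `packages: write` and hands `secrets.GITHUB_TOKEN` to the login step. If one of those tags is moved upstream, different code would run in the publish path with no change in this repository. Dropping cosign does not require unpinning, so I would keep the pins, e.g. `uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0`, and likewise for the other three. The new `Login` step also loses `if: github.event_name != 'pull_request'`; if the `on:` block (outside this hunk) includes pull requests, the registry login now runs for them too even though `push` stays disabled, and restoring the guard keeps the credentialed step out of PR builds.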
diff --git a/nomad-oasis.zip b/nomad-oasis.zip index 75b59d7c3430634705f76c922c011685cd56a97c..6ae5518441e7af952edc2b2880c6681872a1207a 100644 GIT binary patch delta 1682 zcmV;D25tGaCbT9EP)h>@3IG5A008V-gOLp)2n!$$W(*(=W|I#L8L?1A1qtk0gIF7+ z?(mqCodqv{3m^?<3m^?L77(~|7Zq7Tgs_BU zc}^m|MpL{b?ybVH-RaoR^is$&iD^c7kl_?C8B1{#Ff6DDD!c}gY(+WCQj*E?g9uq@ z;=O!1m|b24{mIZ9od;dtzZmq-rthx&3%@tL@`jUfcR0H2U!C98>Ggm2-VA5Kn`wV? z*7(+cR@m5^PWOPledSMQXO0G}SW={=3rqBk2b>k=PD1BSW5bx>M8;uE!s|*$f?Hkm zXRCYJYdt}&3T{OdFEb`24TX|hmY@l^rhNWbP@*4mnk`!&%vLm$5L2AEsM8kJ_B17| zkaZC!l2b4m9k-1{2R6tFrz|RwniDc6ND$0_!x)0IgcyR9Bv{$BHzgt#0O&rc+wD9)&kQ_k)c6d7)zOd zyG~__d-}B9c7hN~r?jH=ed+PMPLBer2vVm;(Hw*+%a&|!Zj|U}cH4gb)sSoK?towV zqjNv#c{4BQ4JKzg5RNvfzCQHN%`#azS&<~$!(7^RXAj%44b(A+IS#Lj+}NI`IE&1o zB4k+!Tjp5Cw;uzSnasU6MfB!(CGOLI7wygqN2zbHr7RRp837J7M2FGb=0(;mk8t#t zDk^U0@5eT~KK#z)xv4EWw&)Y%s_Pu(oIxj2`S%!BOX=P;TE-!_DRUrMc#5T!Eh6gZ z{h^2ouxDOKXnU3|)%=zw~+m^p&@RZhxm@g}dn?s&(9dw#f#j zKlG-vLDxX)6|O>*94^;y)1g`gZck_4^pybs`y|JiSQt|xl9MbF0kr=rRE_R#+!0Z! 
zCj>Jb1SLt=2GS`0duh}P!XEgIOnju14s;fDDawf2Yn&#ogY&%hzAZx+qD0jM%{P-*ZN@tS^ya6dA=YzI1uE#e28h7uOyB!&Th+C6E*JY@Yl z!_Y=Q<0NI0Ajw!FP+ZK>(dz;V4dKACCy3ZfTi>v}0h$5ino3nHYC(Lka&gQ2Zz~wL zdd-~b`Q3~DBpCH)swiye5UJ|wj!f+OqY+e(U@)%d<6WFuZ?$dxueAfSnblj%S_#^$ zd_PxR`vIA&VEWPudFz;eTbqFY+-*Xwp=N&<9d;nS+|$#};jaE#+7l)e;V7jUg1uC3 z{1lbpq+@bNQ`6B@alp7AQZ1To2`*F&vJcM_qOVr9)vB6n*R{$xC{O215V%vo*s*}q zqEA%DL0zrL)d6af2d*-kefZmI&8{wf-=wdK+Xd(P4z4 z4QGfg7QY>C^LxYVO3PMnu0v#4zUx&xf}8sS7m3u%J1BEA>F-6C`ptHSf*IJr-!s4G z-+%C{<8wgQPJhxmhRSzvQ1eQS#-*=YcYb?Om86j$TYzR=L7U_97HkDj;A^rD6NayM zf-6Al;J{1|+H4b_y4tou;~$eA3>veS3#S4D>{^49K@Knk3m^?5Mu#!lkX5A zlXMYC1JVotlkp59lM)d!5g-5<000000000G0PR654FHqz3>lL>5=sMw4FHqz3>lN7 c5=H~t4FHqz3>K3R4hWM96D9^Q4gdfE0I5M12LJ#7 delta 1665 zcmV-{27dXpCblLGP)h>@3IG5A006g9XORse2T6tLWl4qUlMD3Aa&aScl=k zmYS2D1uuU|h3REUh3RE=cnbgl1n2_*00ig*007-sZExC05dO}uSkaS`>S`MrwM~4= z2Ny_6LofmQaynJkVlUXj_PV=kT2$SCzuEOV*aTV{^_t$Pk!sIAv!0!K=4DwC#v_{A zsCm+CG&o_a$S2%xAoK{$7+n&E=9D3y#DuLu%J6?|7K!AeM8F&20yANwJdFwG1{XBT zNTAlD1TToaQ8+Q%ZS$F0@@Xn?loIBpH~~yb6C8LH^N4#TUI9tEiWp53l8WMk2pMSX zynNZ8Uf+1V@xU2gdL7rj>i5nk?{3^Hw>!CU2IEm@Fud;FT;A2`_AZ<^gQ@ps(i@-G zzO{c7HgYDD17L4oxs&O+r2s1$=Skth0)6WNYlWE=M>DIoVMuT+LO&$_veXgaRvZ1* z>|A%7Pf)Xj8$pB@Ddi&axs)3Qk7965@%%B5hq5 zqAFrUun3GsCoL^ef%P)NA{rD(#R(A-#0h_9eh9%?Kny`jVk~Vsm=Xc?fmfzhGkt35 z$7199oBhIU!{0Y~qm}m4rZ@3kJ8vD&9Ze_a#`}anYd=j8Jbac9x3D1MK3xIXO|j0% zIR|IP#7JpCc1O27yp?li@enhzb(#PR{MA6~XStb*c=g@SSzHqs#vDi6B29y;Fcg0x zv#rt;`|N3}WqCdpR$)c+$I|0@l^!`%5hPEIf*A-Cnl9+U+$hk`%$E85n;}=&{QSeOB(malLhqzf> zi;CU;`>{!vM?aW6x3xvZ7JZ^jcAevlQRqZ6{~p6?Aw8Hzi_m9gM6C;_KTfbPh8Nww zrS^v+%E6vlE}-ohf+Sgt1+fz#**6JS7_pCWL-*S0deB$i_B*}3iY4y0hsb}{v1yYv zOmE;!ru~kFR4ZJGC^%fKZ_=S$1#VBK&g7K_0Q&^PDW7Xo0+Nw5;2yO9GE}whuH6wt zLQM#IIPeORt~I1q{14Ko6odotTbcMsB^~I@qXjP_YOZk-+ZN8U%KNSio$~@!5!CZE zTZ@pU$Vl|OgAAt#qq!kt$xnYH2L8_}GH%M@sKR0R3OdGFgnmb$`FSlF46+BNFIaF7 z?v`3xpo!;<`rgPL1F=q9HN?fl>%E`$#zSY|y>rJ`{h=zcz0TAf{|S@kZ=-j&CG3|; zh7vY}69MMUON~n@6XAa+T~J~0SMiE|ns7fey-W)_ipj$Vn}%ZQ<2ZkW0op!o!8~OA 
zJHyacKVu}Jf*?U@%u$%n(DCaW3Jqbvu_uU_3sc>&oIaWYWElxrEGj{KuyV0s{`VD( zjb1&cx^CyHH};0TsVoXxIz-62x+fDm?r;dz!|RW#`FIy6*PAU<{cG;QY-jb(vQ~h$ zE8nkG*M36gN|?H|Lf(H``qswbKYN!@X~@~%Mn`Q(FZ=AQeYCH?7WVjYgm92VDT2LZ zZu}CJ;k2!DM^V#KRI$LgpHeOAZ3!+^6tWM`Vxq2AmDRGEE7vuPI7m-tloPm9z}PW| z)1pt22)(LWp2-7LBoAC=w)^n+)tY@>{Ju$bx5xiK=i6QRx9xvRO(8CSiQ1-7^Fx)i zYQ}|u7g)3+4ER?FWLr}J+0m5fV6MrZmOk5UvwdQo892_0ADX_-B=v>*fz>w1SfHZ- zLmN&JozMR`+U56}*QJ&z-)xHrzj#-xW&k($InHCDmiJKRcG5qHF4ddu9tAzHfxoA2 z*S-JXSH)+5uADpmv;~!~(WrQ(LgT{M%{#xn$VyVnj~zh0E}`{tc?Y%xNbr)Z{g~qA zUT_I$HX3?*P-g4+RMmD38vm2g3>&kR3#S4Dw^3)4KMpVhNrmZ?APyX}jt(LL3Aa&a zScl=kmYS2f4?P1(h3S)k5iAfD02lxO0000001yD}L46C8ArcppOb|i>%nOqt5*m}L z5JCYSlTi^NlMWF=0d|v75orO`lTi^HlhzSQ0WFgt5@i90lOPfslc5qu0o{`z5*U&b LE(S6V00000i#Qkm