Docker #19

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/docker-publish.yml at 4cdbce9

	name: Docker

	on:
	workflow_dispatch:
	push:
	tags: [ 'v..*' ]

	env:
	# Use docker.io for Docker Hub if empty
	REGISTRY: ghcr.io
	# github.repository as <account>/<repo>
	IMAGE_NAME: ${{ github.repository }}

	jobs:
	build:

	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	id-token: write

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	# Install Nix
	- name: Install Nix
	uses: cachix/install-nix-action@v27
	with:
	github_access_token: ${{ secrets.GITHUB_TOKEN }}

	# Build the Docker image using Nix flake
	- name: Build Docker image with Nix
	run: nix build .#docker --out-link ./docker-result

	# Log into the Docker registry
	- name: Log into registry ${{ env.REGISTRY }}
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	# Push the built Docker image to the registry
	- name: Push Docker image
	run: \|
	REGISTRY=$(echo "${{ env.REGISTRY }}" \| tr '[:upper:]' '[:lower:]')
	IMAGE_NAME=$(echo "${{ env.IMAGE_NAME }}" \| tr '[:upper:]' '[:lower:]')
	docker load -i ./docker-result
	IMAGE_ID=$(docker images --format '{{.ID}}' \| head -n 1)
	docker tag ${IMAGE_ID} ${REGISTRY}/${IMAGE_NAME}:latest
	docker push ${REGISTRY}/${IMAGE_NAME}:latest
	env:
	IMAGE_NAME: ${{ env.IMAGE_NAME}}
	REGISTRY: ${{ env.REGISTRY}}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	# Install Cosign
	- name: Install Cosign
	run: \|
	curl -Lo cosign https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64
	chmod +x cosign
	sudo mv cosign /usr/local/bin/

	# Sign the resulting Docker image digest
	- name: Sign the published Docker image
	env:
	TAGS: ${{ env.IMAGE_NAME}}
	run: \|
	REGISTRY=$(echo "${{ env.REGISTRY }}" \| tr '[:upper:]' '[:lower:]')
	IMAGE_NAME=$(echo "${{ env.IMAGE_NAME }}" \| tr '[:upper:]' '[:lower:]')
	DIGEST=$(skopeo inspect docker://${REGISTRY}/${IMAGE_NAME}:latest --format "{{.Digest}}")
	echo "${IMAGE_NAME}" \| xargs -I {} cosign sign --yes {}@${DIGEST}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Docker #19

Workflow file

Docker #19

Jobs

Run details

Workflow file for this run