
Commit 69fd9be

authored
ci: use repo name variable and add release update in image-push workflow (#483)
* ci: use repo name variable and add release update in image-push workflow - Replace all hardcoded 'instance-manager' strings with ${{ github.event.repository.name }} to make the workflow portable across repositories. - Add a step using softprops/action-gh-release to automatically update the GitHub Release with Docker image links and attestation information when a release tag is built. Signed-off-by: Todd Ekenstam <[email protected]> * ci: add the required permissions to update the release Signed-off-by: Todd Ekenstam <[email protected]> --------- Signed-off-by: Todd Ekenstam <[email protected]>
1 parent 2935436 commit 69fd9be


1 file changed

+25
-9
lines changed


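--- a/.github/workflows/image-push.yml
+++ b/.github/workflows/image-push.yml
@@ -1,7 +1,9 @@
 name: Create and publish image
 permissions:
-contents: read # Needed to check out the repository
+contents: write # Needed to check out the repository and update releases
 packages: write # Needed to push images to GitHub Container Registry (ghcr.io)
+attestations: write # For generating attestations
+id-token: write # For OIDC token authentication
 
 on:
 push:
@@ -13,11 +15,6 @@ jobs:
 build-and-push:
 name: Build and push image
 runs-on: ubuntu-latest
-permissions:
-contents: read
-packages: write
-attestations: write # For generating attestations
-id-token: write # For OIDC token authentication
 if: github.event_name != 'pull_request'
 steps:
 - name: Checkout
@@ -38,7 +35,7 @@ jobs:
 id: meta
 uses: docker/metadata-action@v5
 with:
-images: docker.io/${{ github.repository_owner }}/instance-manager,ghcr.io/${{ github.repository_owner }}/instance-manager
+images: docker.io/${{ github.repository_owner }}/${{ github.event.repository.name }},ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
 tags: |
 type=semver,pattern={{version}}
 type=semver,pattern={{major}}.{{minor}}
@@ -83,13 +80,32 @@ jobs:
 - name: Generate artifact attestation (dockerhub)
 uses: actions/attest-build-provenance@v2
 with:
-subject-name: docker.io/${{ github.repository_owner }}/instance-manager
+subject-name: docker.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
 subject-digest: ${{ steps.push.outputs.digest }}
 push-to-registry: true
 
 - name: Generate artifact attestation (ghcr)
 uses: actions/attest-build-provenance@v2
 with:
-subject-name: ghcr.io/${{ github.repository_owner }}/instance-manager
+subject-name: ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
 subject-digest: ${{ steps.push.outputs.digest }}
 push-to-registry: true
+
+- name: Update GitHub Release with image and attestation links
+if: startsWith(github.ref, 'refs/tags/v')
+uses: softprops/action-gh-release@v2
+with:
+tag_name: ${{ github.ref_name }}
+append_body: true
+body: |
+## Docker Images
+- [DockerHub](https://hub.docker.com/r/${{ github.repository_owner }}/${{ github.event.repository.name }}/tags?name=${{ github.ref_name }})
+- [GHCR](https://github.com/orgs/${{ github.repository_owner }}/packages/container/${{ github.event.repository.name }})
+- `docker pull ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.ref_name }}`
+- `docker pull ${{ github.repository_owner }}/${{ github.event.repository.name }}:${{ github.ref_name }}`
+
+## Attestations
+- DockerHub attestation for `${{ github.ref_name }}` published (see OCI provenance)
+- GHCR attestation for `${{ github.ref_name }}` published (see OCI provenance)
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}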
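Review bot: The new `softprops/action-gh-release@v2` step at the end of `build-and-push` is a third-party action referenced by a mutable tag, and it runs in the job whose token can also push packages, request OIDC tokens and write attestations. The first hunk widens this further by moving `permissions` to workflow level with `contents: write`, so any other job in this file (the `jobs:` section is only partly visible here) inherits the full set. Keeping the job-level block and moving the release update into its own job that holds only `contents: write` would limit what a retagged or compromised action could reach, and pinning the action to a full commit SHA makes the code that edits releases reviewable. The release body could also include `${{ steps.push.outputs.digest }}` (passed as a job output) so readers can verify the attestation against a digest and not only a tag.

```yaml
permissions:
  contents: read # workflow default; each job opts in to more

jobs:
  build-and-push:
    permissions:
      contents: read
      packages: write
      attestations: write
      id-token: write
    # … unchanged: checkout, build, push and attestation steps …

  update-release:
    name: Update release notes
    needs: build-and-push
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    permissions:
      contents: write # only this job may edit the release
    steps:
      - name: Update GitHub Release with image and attestation links
        # placeholder: replace with the reviewed full commit SHA of the v2 release
        uses: softprops/action-gh-release@<FULL_COMMIT_SHA>
        # … unchanged: with/env block from the hunk …
```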
