Commit

fix: only do Docker attestation on tags
SMillerDev authored Aug 14, 2024
1 parent 37df6fb commit 266a1bc
Showing 1 changed file with 13 additions and 17 deletions.
30 changes: 13 additions & 17 deletions .github/workflows/docker.yml
Expand Up @@ -56,35 +56,31 @@ jobs:
- name: Run brew test-bot --only-setup
run: docker run --rm brew brew test-bot --only-setup

- run: docker image inspect --format=json brew
- run: docker image inspect --format='{{.Id}}' brew

- run: docker images --digests brew
- run: docker images --digests brew --format='{{.Digest}}'
- name: Deploy the tagged Docker image to GitHub Packages
if: startsWith(github.ref, 'refs/tags/')
run: |
brew_version="${GITHUB_REF:10}"
echo "brew_version=${brew_version}" >> "${GITHUB_ENV}"
echo ${{secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN}} | docker login ghcr.io -u BrewTestBot --password-stdin
docker tag brew "ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}"
docker push "ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}"
docker tag brew "ghcr.io/homebrew/ubuntu${{matrix.version}}:latest"
docker push "ghcr.io/homebrew/ubuntu${{matrix.version}}:latest"
- name: Generate image digest
if: startsWith(github.ref, 'refs/tags/')
id: digest
run: echo "digest=$(docker image inspect --format='{{.Digest}}' brew)" >> "$GITHUB_OUTPUT"
run: echo "digest=$(docker image inspect --format='{{.Digest}}' brew:${brew_version})" >> "$GITHUB_OUTPUT"
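
Review bot: The digest step inspects `brew:${brew_version}`, but nothing in this workflow gives the image that tag: the deploy step above it tags the build only as `ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}` and `:latest`, and the earlier steps refer to it as plain `brew`. Point the inspect at a reference that actually exists, and double-quote the `${brew_version}` expansion inside the command substitution to clear the SC2086 finding reported on this line. Since the result becomes `subject-digest` for the attestation, the step should also fail when the value comes back empty, so that an attestation is never generated for a missing digest.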

Check failure on line 73 in .github/workflows/docker.yml

GitHub Actions / workflow_syntax

shellcheck reported issue in this script: SC2086:info:1:65: Double quote to prevent globbing and word splitting

- name: Generate build provenance
uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3
if: startsWith(github.ref, 'refs/tags/')
id: attest
with:
subject-name: ghcr.io/homebrew/ubuntu${{matrix.version}}
subject-digest: ${{ steps.digest.outputs.digest }}
push-to-registry: ${{ startsWith(github.ref, 'refs/tags/') }}

- name: Deploy the tagged Docker image to GitHub Packages
if: startsWith(github.ref, 'refs/tags/')
run: |
brew_version="${GITHUB_REF:10}"
echo "brew_version=${brew_version}" >> "${GITHUB_ENV}"
echo ${{secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN}} | docker login ghcr.io -u BrewTestBot --password-stdin
docker tag brew "ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}"
docker push "ghcr.io/homebrew/ubuntu${{matrix.version}}:${brew_version}"
docker tag brew "ghcr.io/homebrew/ubuntu${{matrix.version}}:latest"
docker push "ghcr.io/homebrew/ubuntu${{matrix.version}}:latest"
- name: Deploy the tagged Docker image to Docker Hub
if: startsWith(github.ref, 'refs/tags/')
run: |
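
Review bot: In the provenance step, `push-to-registry: ${{ startsWith(github.ref, 'refs/tags/') }}` is redundant next to the step-level `if: startsWith(github.ref, 'refs/tags/')`: whenever the step runs the expression is already true, so `push-to-registry: true` says the same thing more plainly. Separately, the GHCR login line relocated by this change, `echo ${{secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN}} | docker login ghcr.io -u BrewTestBot --password-stdin`, interpolates the secret unquoted into the script text; passing it through the step's `env:` and piping a double-quoted variable would avoid word splitting and keep the token out of the rendered script.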