diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml
index 384b3ab..03b7ac9 100644
--- a/.github/workflows/publish-container.yml
+++ b/.github/workflows/publish-container.yml
@@ -87,6 +87,7 @@ jobs:
 - name: ❔ Check Container files changed
 id: file_change
+ if: ${{ github.event_name != 'release' && github.event_name != 'workflow_dispatch' }}
 uses: dorny/paths-filter@v2.11.1
 with:
 filters: |
@@ -94,7 +95,7 @@ jobs:
 ./${{ matrix.path }}/*
 - name: 🏗 Extract version from dockerfile
- if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+ if: ${{ steps.file_change.outputs.container_folder != 'false' }}
 id: version
 run: |
 version_full=$(grep 'cloud.alwatr.image.version.full' ./${{ matrix.path }}/Dockerfile | cut -d'"' -f2)
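Review bot: The new `if:` on the `Check Container files changed` step carries no comment explaining that, once the step is skipped, `steps.file_change.outputs.container_folder` is empty and every later step relies on that emptiness to run. I would add above it `# Skipped on release and manual runs: outputs stay empty, so the later "!= 'false'" checks pass and every matrix entry is built.` Without it, someone tidying the conditions back to `== 'true'` would silently stop release publishing.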
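Review bot: `steps.file_change.outputs.container_folder != 'false'` in the `Extract version from dockerfile` step is true for anything other than the literal 'false', including the empty output left when the filter step is skipped or when the filter key is ever renamed, so the gate now fails open. The same expression is repeated in the cosign, Buildx, cache, both registry-login and build-and-push steps of the following hunks, which means the credentialed steps run whenever the filter yields nothing. Spelling out the intent keeps the default closed: `if: ${{ github.event_name == 'release' || github.event_name == 'workflow_dispatch' || steps.file_change.outputs.container_folder == 'true' }}`, wrapped in parentheses after the existing `github.event_name != 'pull_request' &&` prefix where that prefix is present.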
@@ -105,29 +106,29 @@ jobs:
 echo "version_short: $version_short"
 - name: 🏗 Install cosign
- if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
+ if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder != 'false' }}
 uses: sigstore/cosign-installer@v3.2.0
 - name: 🏗 Setup Docker Buildx
- if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+ if: ${{ steps.file_change.outputs.container_folder != 'false' }}
 uses: docker/setup-buildx-action@v3.0.0
 - name: 🏗 Cache Docker Layers
- if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+ if: ${{ steps.file_change.outputs.container_folder != 'false' }}
 uses: actions/cache@v3
 with:
 path: /tmp/.buildx-cache
- key: container-${{ matrix.name }}
+ key: container/${{ matrix.path }}
 - name: 🏗 Log into docker hub registry
- if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
+ if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder != 'false' }}
 uses: docker/login-action@v3.0.0
 with:
 username: ${{env.USER}}
 password: ${{secrets.DOCKER_HUB_TOKEN}}
 - name: 🏗 Log into ghcr.io registry
- if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
+ if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder != 'false' }}
 uses: docker/login-action@v3.0.0
 with:
 registry: ghcr.io
@@ -135,7 +136,7 @@ jobs:
 password: ${{secrets.GITHUB_TOKEN}}
 - name: 🚀 Build and push container image
- if: ${{ steps.file_change.outputs.container_folder == 'true' }}
+ if: ${{ steps.file_change.outputs.container_folder != 'false' }}
 id: build_and_push
 uses: docker/build-push-action@v5.1.0
 with:
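Review bot: The new cache key `container/${{ matrix.path }}` in the `Cache Docker Layers` step is still a constant per matrix entry, and actions/cache does not save again after an exact hit on the primary key, so `/tmp/.buildx-cache` stays frozen at whatever the first run stored. If the build step writes its layers there (its `cache-to` input is outside this hunk), a per-run key with a prefix fallback keeps the cache current: `key: container/${{ matrix.path }}/${{ github.sha }}` together with `restore-keys: container/${{ matrix.path }}/`. A one-line comment on why the key moved from `matrix.name` to `matrix.path` would also help, since the rename discards every existing cache entry.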
@@ -152,12 +153,12 @@ jobs:
 BUILD_DATE=${{github.event.repository.updated_at}}
 BUILD_REV=${{github.sha}}
- - name: 🏗 Sign the image with GitHub OIDC Token
- if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder == 'true' }}
- env:
- COSIGN_EXPERIMENTAL: 'true'
- run: |
- cosign sign --yes "ghcr.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_full}}@${{steps.build_and_push.outputs.digest}}"
- cosign sign --yes "ghcr.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_short}}@${{steps.build_and_push.outputs.digest}}"
- cosign sign --yes "docker.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_full}}@${{steps.build_and_push.outputs.digest}}"
- cosign sign --yes "docker.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_short}}@${{steps.build_and_push.outputs.digest}}"
+ # - name: 🏗 Sign the image with GitHub OIDC Token
+ # if: ${{ github.event_name != 'pull_request' && steps.file_change.outputs.container_folder != 'false' }}
+ # env:
+ # COSIGN_EXPERIMENTAL: 'true'
+ # run: |
+ # cosign sign --yes "ghcr.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_full}}@${{steps.build_and_push.outputs.digest}}"
+ # cosign sign --yes "ghcr.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_short}}@${{steps.build_and_push.outputs.digest}}"
+ # cosign sign --yes "docker.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_full}}@${{steps.build_and_push.outputs.digest}}"
+ # cosign sign --yes "docker.io/${{env.USER}}/${{matrix.name}}:${{steps.version.outputs.version_short}}@${{steps.build_and_push.outputs.digest}}"
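Review bot: Commenting out the `Sign the image with GitHub OIDC Token` step means every image this workflow pushes to ghcr.io and docker.io is published unsigned, and nothing in the file says why or when signing comes back. Consumers who verify these images with `cosign verify` will fail on new versions or stop checking, so the reason belongs next to the change: replace the dead block with a short comment such as `# TODO(<tracking-issue>): image signing disabled because <reason>; re-enable before the next release`. The `Install cosign` step in the earlier hunk still runs and should be disabled or restored together with this one. If the cause was a keyless-signing failure, check that the job grants `permissions: id-token: write` (not visible in this diff); with cosign 2.x the `COSIGN_EXPERIMENTAL` variable should no longer be needed, and signing the `@digest` reference once per registry is enough.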