Skip to content
Docker Hub - Develop

Add SBOM and Attestation to the Docker release process (#477) #163

Sign in to view logs

Add SBOM and Attestation to the Docker release process (#477)

Add SBOM and Attestation to the Docker release process (#477) #163

Workflow file for this run

.github/workflows/docker-hub-develop.yml at 337d7c7
# Copied from https://github.com/matrix-org/matrix-bifrost/blob/develop/.github/workflows/docker-hub-latest.yml
name: "Docker Hub - Develop"
on:
push:
branches:
- main
env:
DOCKER_NAMESPACE: gnuxie
PLATFORMS: linux/amd64,linux/arm64
# Only push if this is main, otherwise we just want to build
PUSH: ${{ github.ref == 'refs/heads/main' }}
jobs:
docker-latest:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: read
attestations: write
steps:
- name: Check out
uses: actions/checkout@v4
- name: Unshallow for git describe so we can create version.txt
run: git fetch --prune --unshallow --tags --all --force
- name: Prepare version file
run: git describe > version.txt
# Needed for multi platform builds
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: ${{ env.PLATFORMS }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build image
id: push
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: ${{ env.PLATFORMS }}
push: ${{ env.PUSH }}
tags: |
${{ env.DOCKER_NAMESPACE }}/draupnir:develop
- name: Attest
uses: actions/attest-build-provenance@v1
id: attest
with:
subject-name: ${{ env.DOCKER_NAMESPACE }}/draupnir:develop
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true