Skip to content

feat: publish signed Docker image to GAR on release#7

Merged
simpsonw merged 3 commits into
mainfrom
simpsonw.release-docker-image-v2
Mar 23, 2026
Merged

feat: publish signed Docker image to GAR on release#7
simpsonw merged 3 commits into
mainfrom
simpsonw.release-docker-image-v2

Conversation

@simpsonw
Copy link
Copy Markdown
Member

@simpsonw simpsonw commented Mar 23, 2026

Summary

  • Adds GoReleaser dockers_v2 config to build and push a minimal scratch-based Docker image to GAR as part of each release
  • Both release binaries and Docker images are signed with cosign (keyless, via Sigstore) using GoReleaser's signs and docker_signs pipelines
  • Adds GCP credentials file to .gitignore so goreleaser doesn't fail with "git is in a dirty state"
  • Adds docker/setup-buildx-action required by dockers_v2 for attestation support

Test plan

  • Merge and verify the release workflow completes successfully
  • Verify the Docker image is pushed to GAR
  • Verify cosign signatures on both binaries and Docker image

🤖 Generated with Claude Code

simpsonw and others added 3 commits March 23, 2026 12:41
@simpsonw @claude
feat: publish signed Docker image to GAR on release
8e4ace1 
Add GoReleaser dockers_v2 config to build and push a minimal
scratch-based Docker image to GAR as part of each release.
Both release binaries and Docker images are signed with cosign
(keyless, via Sigstore) using GoReleaser's signs and docker_signs
pipelines.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@simpsonw @claude
fix: add GCP credentials file to .gitignore for goreleaser
2cf95b2 
The google-github-actions/auth step writes a temporary credentials
file to the workspace, causing goreleaser to fail with "git is in
a dirty state".

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@simpsonw @claude
fix: add Docker Buildx setup for goreleaser dockers_v2
26df75c 
The dockers_v2 feature uses buildx with --push and --attest flags,
which require a buildx builder (the default docker driver doesn't
support attestations).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@simpsonw simpsonw merged commit fbea1db into main Mar 23, 2026
2 checks passed
@simpsonw simpsonw deleted the simpsonw.release-docker-image-v2 branch March 23, 2026 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ericnorris ericnorris ericnorris approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simpsonw @ericnorris