Merge branch 'main' of https://github.com/leplusorg/docker-yaml

leplusorg · Apr 1, 2024 · fdb20d7 · fdb20d7
2 parents b160068 + 2326260
commit fdb20d7
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml
@@ -41,7 +41,7 @@ jobs:
             type=semver,pattern={{major}}
             type=sha
       - uses: docker/login-action@v3
-        if: github.event_name != 'pull_request'
+        if: github.ref == 'refs/heads/main'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -56,28 +56,32 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
       - name: Sign the published Docker image
-        if: ${{ github.ref == 'refs/heads/main' }}
+        if: github.ref == 'refs/heads/main'
         env:
           TAGS: ${{ steps.meta.outputs.tags }}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
-        run: \echo "${TAGS}" | \xargs -I {} cosign sign --yes "{}@${DIGEST}" \
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+        run: |
+          \echo "${COSIGN_PRIVATE_KEY}" > cosign.key
+          \echo "${TAGS}" | \xargs -I {} cosign sign --key cosign.key --yes "{}@${DIGEST}" \
             -a "workflow=${{ github.workflow }}" \
             -a "repo=${{ github.repository }}" \
             -a "branch=${{ github.ref_name }}" \
             -a "ref=${{ github.sha }}"
+          \rm -f cosign.key
       - name: Test the Docker image
         working-directory: ${{ env.IMAGE }}
         run: docker compose -f docker-compose.test.yml run sut
       - name: Set RELEASE
-        if: github.event_name != 'pull_request'
+        if: github.ref == 'refs/heads/main'
         run: |
           # shellcheck disable=SC2086
           RC="$(\grep ${IMAGE}/Dockerfile -e '^FROM' | \head -n 1 | \sed -e 's/^.*://')"
           if [[ "${RC}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] && ! \git show-ref --tags --verify --quiet "refs/tags/v${RC}" ; then
             \echo "RELEASE=${RC}" >> "${GITHUB_ENV}"
           fi
       - name: Trigger release
-        if: ${{ env.RELEASE != '' }}
+        if: env.RELEASE != ''
         uses: actions/create-release@v1
         env:
           GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}

diff --git a/.github/workflows/dockerrealase.yml b/.github/workflows/dockerrealase.yml
@@ -28,7 +28,7 @@ jobs:
             type=semver,pattern={{major}}
             type=sha
       - uses: docker/login-action@v3
-        if: github.event_name != 'pull_request'
+        if: github.ref == 'refs/heads/main'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}