From 0b5a9581cd717bc6649c5c1d0cc98f72c54b6bf4 Mon Sep 17 00:00:00 2001
From: Mark Sagi-Kazar
Date: Fri, 22 Apr 2022 22:16:56 +0200
Subject: [PATCH] ci: use docker metadata for build input

Signed-off-by: Mark Sagi-Kazar
---
 .github/workflows/artifacts.yaml | 52 ++++----------------------------
 1 file changed, 6 insertions(+), 46 deletions(-)

diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index 2178469e..241851d1 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -22,37 +22,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Calculate container image details
-        id: details
-        env:
-          CONTAINER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex"
-        run: |
-          case $GITHUB_REF in
-            refs/tags/*) VERSION=${GITHUB_REF#refs/tags/};;
-            refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');;
-            refs/pull/*) VERSION=pr-${{ github.event.number }};;
-            *) VERSION=sha-${GITHUB_SHA::8};;
-          esac
-
-          VERSION_SUFFIX=""
-          if [[ "${{ matrix.variant }}" != "alpine" ]]; then
-            VERSION_SUFFIX="-${{ matrix.variant }}"
-          fi
-
-          TAGS=()
-          for image in $CONTAINER_IMAGES; do
-            TAGS+=("${image}:${VERSION}${VERSION_SUFFIX}")
-
-            if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then
-              TAGS+=("${image}:latest${VERSION_SUFFIX}")
-            fi
-          done
-
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}")
-          echo ::set-output name=commit_hash::${GITHUB_SHA::8}
-          echo ::set-output name=build_date::$(git show -s --format=%cI)
-
       - name: Gather metadata
         id: meta
         uses: docker/metadata-action@v3
@@ -105,27 +74,18 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           push: ${{ github.event_name == 'push' }}
-          tags: ${{ steps.details.outputs.tags }}
+          tags: ${{ steps.meta.outputs.tags }}
           build-args: |
             BASE_IMAGE=${{ matrix.variant }}
-            VERSION=${{ steps.details.outputs.version }}
-            COMMIT_HASH=${{ steps.details.outputs.commit_hash }}
-            BUILD_DATE=${{ steps.details.outputs.build_date }}
-          labels: |
-            org.opencontainers.image.title=${{ github.event.repository.name }}
-            org.opencontainers.image.description=${{ github.event.repository.description }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.details.outputs.version }}
-            org.opencontainers.image.created=${{ steps.details.outputs.build_date }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
-            org.opencontainers.image.documentation=https://dexidp.io/docs/
+            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+            COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+            BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+          labels: ${{ steps.meta.outputs.labels }}
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.2.5
         with:
-          image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}"
+          image-ref: "ghcr.io/dexidp/dex:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
           format: "sarif"
           output: "trivy-results.sarif"
         if: github.event_name == 'push'
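Review bot: The `fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version']` lookup is repeated in `build-args` and again in the Trivy `image-ref`, although `docker/metadata-action` already exposes that value as `steps.meta.outputs.version`; `VERSION=${{ steps.meta.outputs.version }}` and `image-ref: "ghcr.io/dexidp/dex:${{ steps.meta.outputs.version }}"` read better, while the revision and created lookups have no dedicated output and can keep the JSON form. The build inputs also change meaning, not just source: `COMMIT_HASH` was the 8-character `${GITHUB_SHA::8}` and now carries the full SHA from the revision label, and `BUILD_DATE` was the commit date from `git show -s --format=%cI` and is now the timestamp the metadata step ran at, so matrix variants built from the same commit will presumably differ in build date — confirm the Dockerfile and any version/reproducibility checks tolerate both. The Trivy step still scans only `ghcr.io/dexidp/dex:<version>` after the push; whatever tag suffix the metadata step's flavor config applies per `matrix.variant` (that configuration is outside the hunk) should be compared against this ref, otherwise every variant scans the same image and the non-alpine variants go unscanned. The build step that these `with:` keys belong to starts outside the hunk.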