Merge pull request #2489 from dexidp/use-docker-meta

ci: use docker metadata for build input

.github/workflows/artifacts.yaml

@@ -22,37 +22,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Calculate container image details
-        id: details
-        env:
-          CONTAINER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex"
-        run: |
-          case $GITHUB_REF in
-            refs/tags/*)  VERSION=${GITHUB_REF#refs/tags/};;
-            refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');;
-            refs/pull/*)  VERSION=pr-${{ github.event.number }};;
-            *)            VERSION=sha-${GITHUB_SHA::8};;
-          esac
-
-          VERSION_SUFFIX=""
-          if [[ "${{ matrix.variant }}" != "alpine" ]]; then
-            VERSION_SUFFIX="-${{ matrix.variant }}"
-          fi
-
-          TAGS=()
-          for image in $CONTAINER_IMAGES; do
-            TAGS+=("${image}:${VERSION}${VERSION_SUFFIX}")
-
-            if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then
-              TAGS+=("${image}:latest${VERSION_SUFFIX}")
-            fi
-          done
-
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}")
-          echo ::set-output name=commit_hash::${GITHUB_SHA::8}
-          echo ::set-output name=build_date::$(git show -s --format=%cI)
-
       - name: Gather metadata
         id: meta
         uses: docker/metadata-action@v3
@@ -105,27 +74,18 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           push: ${{ github.event_name == 'push' }}
-          tags: ${{ steps.details.outputs.tags }}
+          tags: ${{ steps.meta.outputs.tags }}
           build-args: |
             BASE_IMAGE=${{ matrix.variant }}
-            VERSION=${{ steps.details.outputs.version }}
-            COMMIT_HASH=${{ steps.details.outputs.commit_hash }}
-            BUILD_DATE=${{ steps.details.outputs.build_date }}
-          labels: |
-            org.opencontainers.image.title=${{ github.event.repository.name }}
-            org.opencontainers.image.description=${{ github.event.repository.description }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.details.outputs.version }}
-            org.opencontainers.image.created=${{ steps.details.outputs.build_date }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
-            org.opencontainers.image.documentation=https://dexidp.io/docs/
+            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+            COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+            BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+          labels: ${{ steps.meta.outputs.labels }}
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@0.2.5
         with:
-          image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}"
+          image-ref: "ghcr.io/dexidp/dex:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
           format: "sarif"
           output: "trivy-results.sarif"
         if: github.event_name == 'push'