ci: use docker metadata for build input

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-04-22 22:16:56 +02:00 · 2022-04-22 22:16:56 +02:00 · 0b5a9581cd
commit 0b5a9581cd
parent 6f07a27fad
1 changed files with 6 additions and 46 deletions
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@ -22,37 +22,6 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v3

-      - name: Calculate container image details
-        id: details
-        env:
-          CONTAINER_IMAGES: "ghcr.io/dexidp/dex dexidp/dex"
-        run: |
-          case $GITHUB_REF in
-            refs/tags/*)  VERSION=${GITHUB_REF#refs/tags/};;
-            refs/heads/*) VERSION=$(echo ${GITHUB_REF#refs/heads/} | sed -r 's#/+#-#g');;
-            refs/pull/*)  VERSION=pr-${{ github.event.number }};;
-            *)            VERSION=sha-${GITHUB_SHA::8};;
-          esac
-
-          VERSION_SUFFIX=""
-          if [[ "${{ matrix.variant }}" != "alpine" ]]; then
-            VERSION_SUFFIX="-${{ matrix.variant }}"
-          fi
-
-          TAGS=()
-          for image in $CONTAINER_IMAGES; do
-            TAGS+=("${image}:${VERSION}${VERSION_SUFFIX}")
-
-            if [[ "${{ github.event.repository.default_branch }}" == "$VERSION" ]]; then
-              TAGS+=("${image}:latest${VERSION_SUFFIX}")
-            fi
-          done
-
-          echo ::set-output name=version::${VERSION}
-          echo ::set-output name=tags::$(IFS=,; echo "${TAGS[*]}")
-          echo ::set-output name=commit_hash::${GITHUB_SHA::8}
-          echo ::set-output name=build_date::$(git show -s --format=%cI)
-
      - name: Gather metadata
        id: meta
        uses: docker/metadata-action@v3
@ -105,27 +74,18 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          push: ${{ github.event_name == 'push' }}
-          tags: ${{ steps.details.outputs.tags }}
+          tags: ${{ steps.meta.outputs.tags }}
          build-args: |
            BASE_IMAGE=${{ matrix.variant }}
-            VERSION=${{ steps.details.outputs.version }}
-            COMMIT_HASH=${{ steps.details.outputs.commit_hash }}
-            BUILD_DATE=${{ steps.details.outputs.build_date }}
-          labels: |
-            org.opencontainers.image.title=${{ github.event.repository.name }}
-            org.opencontainers.image.description=${{ github.event.repository.description }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.source=${{ github.event.repository.clone_url }}
-            org.opencontainers.image.version=${{ steps.details.outputs.version }}
-            org.opencontainers.image.created=${{ steps.details.outputs.build_date }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }}
-            org.opencontainers.image.documentation=https://dexidp.io/docs/
+            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
+            COMMIT_HASH=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
+            BUILD_DATE=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
+          labels: ${{ steps.meta.outputs.labels }}

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.2.5
        with:
-          image-ref: "ghcr.io/dexidp/dex:${{ steps.details.outputs.version }}"
+          image-ref: "ghcr.io/dexidp/dex:${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}"
          format: "sarif"
          output: "trivy-results.sarif"
        if: github.event_name == 'push'