docs: public beta #1

Workflow file for this run

.github/workflows/docker.yaml at 3091cd9

	name: Build Docker images

	on:
	push:
	tags:
	- "v*"

	jobs:
	docker-cm:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	outputs:
	digest: ${{ steps.build.outputs.digest }}
	steps:
	- name: Checkout the repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

	- name: Login to Docker Hub
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
	with:
	images: ctferio/chall-manager

	- name: Git commit date
	id: infos
	run: \|
	# trim version prefix
	version=${{ github.ref_name }}
	version="${version#"v"}"
	echo "version=$version" >> "$GITHUB_OUTPUT"

	# output date per RFC 3339
	date="$(git log -1 --format=%cd --date=format:%Y-%m-%dT%H:%M:%SZ)"
	echo "date=$date" >> "$GITHUB_OUTPUT"

	- name: Build and push Docker image
	uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
	id: build
	with:
	push: true
	sbom: true # may not produce SBOM in manifest if the image has no filesystem (e.g. "FROM scratch")
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	file: Dockerfile.chall-manager
	build-args: \|
	VERSION=${{ steps.infos.outputs.version }}
	COMMIT=${{ github.sha }}
	DATE=${{ steps.infos.outputs.date }}

	# This step calls the container workflow to generate provenance and push it to
	# the container registry.
	provenance-cm:
	needs: [docker-cm]
	permissions:
	actions: read # for detecting the Github Actions environment.
	id-token: write # for creating OIDC tokens for signing.
	packages: write # for uploading attestations.
	if: startsWith(github.ref, 'refs/tags/')
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
	with:
	image: ctferio/chall-manager
	digest: ${{ needs.docker-cm.outputs.digest }}
	secrets:
	registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
	registry-password: ${{ secrets.DOCKERHUB_TOKEN }}



	docker-cmj:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	outputs:
	digest: ${{ steps.build.outputs.digest }}
	steps:
	- name: Checkout the repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0

	- name: Login to Docker Hub
	uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
	with:
	images: ctferio/chall-manager-janitor

	- name: Git commit date
	id: infos
	run: \|
	# trim version prefix
	version=${{ github.ref_name }}
	version="${version#"v"}"
	echo "version=$version" >> "$GITHUB_OUTPUT"

	# output date per RFC 3339
	date="$(git log -1 --format=%cd --date=format:%Y-%m-%dT%H:%M:%SZ)"
	echo "date=$date" >> "$GITHUB_OUTPUT"

	- name: Build and push Docker image
	uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0
	id: build
	with:
	push: true
	sbom: true # may not produce SBOM in manifest if the image has no filesystem (e.g. "FROM scratch")
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	file: Dockerfile.chall-manager-janitor
	build-args: \|
	VERSION=${{ steps.infos.outputs.version }}
	COMMIT=${{ github.sha }}
	DATE=${{ steps.infos.outputs.date }}

	# This step calls the container workflow to generate provenance and push it to
	# the container registry.
	provenance-cmj:
	needs: [docker-cmj]
	permissions:
	actions: read # for detecting the Github Actions environment.
	id-token: write # for creating OIDC tokens for signing.
	packages: write # for uploading attestations.
	if: startsWith(github.ref, 'refs/tags/')
	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
	with:
	image: ctferio/chall-manager-janitor
	digest: ${{ needs.docker-cmj.outputs.digest }}
	secrets:
	registry-username: ${{ secrets.DOCKERHUB_USERNAME }}
	registry-password: ${{ secrets.DOCKERHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: public beta #1

Workflow file

docs: public beta #1

Jobs

Run details

Workflow file for this run