.github/workflows/Stack-InitzBuilderdockerfile.yaml #5

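# Manually dispatched release: builds one stack image from
# initzbuilder/stack/<image>/Dockerfile, pushes it to Docker Hub, then signs
# and verifies it with cosign keyless signing (GitHub OIDC).
on:
  workflow_dispatch:
    inputs:
      image:
        description: 'Image to Release'
        required: true
        type: string
      tag:
        description: 'Tag'
        required: true
        type: string

permissions:
  id-token: write # This is required for GH OIDC connection
  contents: read # This is required for actions/checkout

jobs:
  image-release:
    runs-on: ubuntu-latest
    # The dispatch inputs reach the shell only through environment variables.
    # Expanding ${{ inputs.* }} inside a `run:` script pastes the raw text into
    # the script before bash parses it, so the value could alter the command.
    env:
      IMAGE: ${{ inputs.image }}
      TAG: ${{ inputs.tag }}
    steps:
      # `image` becomes part of a Dockerfile path and both values become part
      # of an image reference, so reject anything outside a conservative
      # character set (no `/`, no leading `.`) before they are used.
      - name: Validate inputs
        run: |
          set -euo pipefail
          image_re='^[a-z0-9][a-z0-9._-]*$'
          tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
          if [[ ! "$IMAGE" =~ $image_re ]]; then
            echo "::error::input 'image' contains unsupported characters"
            exit 1
          fi
          if [[ ! "$TAG" =~ $tag_re ]]; then
            echo "::error::input 'tag' is not a valid image tag"
            exit 1
          fi
      # NOTE(review): checkout and login-action are referenced by mutable
      # version tags while cosign-installer below is pinned to a commit SHA;
      # consider pinning these two to full commit SHAs as well.
      - name: Git checkout
        uses: actions/checkout@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_USERNAME }}
          password: ${{ secrets.INITIALIZ_BUILDPACKS_DOCKERHUB_PASSWORD }}
      - name: Build image
        run: |
          set -euo pipefail
          docker build \
            -t "initzbuilder/stack/${IMAGE}:${TAG}" \
            -f "initzbuilder/stack/${IMAGE}/Dockerfile" .
          docker tag "initzbuilder/stack/${IMAGE}:${TAG}" \
            "initializbuildpacks/go-securepack-${IMAGE}:${TAG}"
      # The unused DOCKERHUB_USERNAME / REPOSITORY variables were dropped: the
      # script never read them, and a secret should not be exposed to a step
      # that does not need it.
      - name: Tag and push Docker image to Docker Hub
        id: push
        run: |
          set -euo pipefail
          repo="initializbuildpacks/go-securepack-${IMAGE}"
          docker push "${repo}:${TAG}"
          # Record the immutable digest of what was pushed so the signature is
          # bound to that exact content rather than to a tag that can move.
          digest_ref="$(docker inspect \
            --format '{{range .RepoDigests}}{{println .}}{{end}}' \
            "${repo}:${TAG}" | grep -m1 -F "${repo}@sha256:")" || {
            echo "::error::could not determine the pushed image digest"
            exit 1
          }
          echo "ref=${digest_ref}" >> "$GITHUB_OUTPUT"
      - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
      - name: Sign the images
        env:
          IMAGE_DIGEST_REF: ${{ steps.push.outputs.ref }}
        run: |
          set -euo pipefail
          cosign sign --yes "$IMAGE_DIGEST_REF"
      # NOTE(review): a keyless signature made in GitHub Actions carries the
      # signing workflow's own path and ref as its identity. The value below
      # names InitzBuilderdockerfile.yaml on refs/heads/main; confirm it
      # matches this file's actual path (it appears to be
      # Stack-InitzBuilderdockerfile.yaml) and that releases are dispatched
      # from main only, otherwise verification cannot succeed.
      - name: Verify the pushed tags
        env:
          IMAGE_DIGEST_REF: ${{ steps.push.outputs.ref }}
        run: |
          # pipefail is required here: the default `run:` shell is `bash -e`
          # without it, so a failed `cosign verify` piped into `jq` would
          # leave the step green.
          set -euo pipefail
          cosign verify \
            "$IMAGE_DIGEST_REF" \
            --certificate-identity https://github.com/initializ/secure-images/.github/workflows/InitzBuilderdockerfile.yaml@refs/heads/main \
            --certificate-oidc-issuer https://token.actions.githubusercontent.com | jq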