Skip to content

Added the corresponding workflows #1

Added the corresponding workflows

Added the corresponding workflows #1

on:
workflow_dispatch:
inputs:
image:
description: 'Image to Release'
required: true
type: string
inputs:
tag:
description: 'Tag'
required: true
type: string
permissions:
id-token: write # This is required for GH OIDC connection
contents: read # This is required for actions/checkout
jobs:
image-release:
runs-on: ubuntu-latest
steps:
- name: Git checkout
uses: actions/checkout@v3
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build image
run: |
docker build -t images/SecurePacks/PythonBuilder/Stack/${{ inputs.image }}:${{ inputs.tag }} -f images/SecurePacks/PythonBuilder/Stack/${{ inputs.image }}/Dockerfile .
docker tag images/SecurePacks/PythonBuilder/Stack/${{ inputs.image }}:${{ inputs.tag }} pythonsecurepacks/${{ inputs.image }}:${{ inputs.tag }}
- name: Tag and push Docker image to Docker Hub
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
REPOSITORY: ${{ inputs.image }}
run: |
docker push pythonsecurepacks/${{ inputs.image }}:${{ inputs.tag }}
- uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
- name: Sign the images
run: |
cosign sign \
--yes public.ecr.aws/t4s8c0c3/${{ inputs.image }}:latest
- name: Verify the pushed tags
run: |
cosign verify \
public.ecr.aws/t4s8c0c3/${{ inputs.image }}:latest \
--certificate-identity https://github.com/initializ/secure-images/.github/workflows/PythonBuilderdockerfile.yaml@refs/heads/main \
--certificate-oidc-issuer https://token.actions.githubusercontent.com | jq