
Commit e4bbc1b

committed
using generate-tag to define artifact names
1 parent b4f9917 commit e4bbc1b

2 files changed

Lines changed: 32 additions & 35 deletions


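--- a/.github/workflows/build-image.yml
+++ b/.github/workflows/build-image.yml
@@ -97,39 +97,31 @@ jobs:
 path: ${{ inputs.image-destination-path }}
 if: inputs.disable-artifact-registry-as-image-store == false
 
-# Calculate a tag name
-# If the image input is provided, use it as the tag
-# If the workflow is triggered by a tag, use the tag as the tag
-# Otherwise built GitOps compatible tags. Fallback to the branch name, commit hash, and timestamp. Those tags are sortable and unique.
+# Calculate the image tag with the same generator used in GitLab CI.
 - name: Set IMAGE_TAG
-run: |
-if [ "${IMAGE}" != "" ]; then
-IMAGE_TAG="${IMAGE}"
-elif [[ "${GITHUB_REF}" == refs/tags/* ]]; then
-if [ "${IMAGE_SUFFIX}" != "" ]; then
-IMAGE_TAG="ghcr.io/${{ github.repository }}/${IMAGE_SUFFIX}:${GITHUB_REF#refs/tags/}"
-else
-IMAGE_TAG="ghcr.io/${{ github.repository }}:${GITHUB_REF#refs/tags/}"
-fi
-
-else
-branch=${GITHUB_REF##*/}
-sha=${GITHUB_SHA::8}
-ts=$(date +%s)
-if [ "${IMAGE_SUFFIX}" != "" ]; then
-IMAGE_TAG="ghcr.io/${{ github.repository }}/${IMAGE_SUFFIX}:${branch}-${sha}-${ts}"
+uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main
+with:
+args: >
+sh -c '
+if [ -n "$IMAGE" ]; then
+IMAGE_TAG="$IMAGE"
 else
-IMAGE_TAG="ghcr.io/${{ github.repository }}:${branch}-${sha}-${ts}"
+if [ -n "$IMAGE_SUFFIX" ]; then
+IMAGE_PATH="ghcr.io/${GITHUB_REPOSITORY}/${IMAGE_SUFFIX}"
+else
+IMAGE_PATH="ghcr.io/${GITHUB_REPOSITORY}"
+fi
+
+devguard-scanner generate-tag --imagePath="$IMAGE_PATH" --ref="$GITHUB_REF_NAME" > image-tag-env.txt
+IMAGE_TAG=$(grep '^IMAGE_TAG=' image-tag-env.txt | cut -d= -f2-)
 fi
-fi
-
-IMAGE_TAG=$(echo "$IMAGE_TAG" | tr '[:upper:]' '[:lower:]')
-echo "$IMAGE_TAG" > image-tag.txt
 
-# necessary for the kaniko job
-echo "IMAGE_TAG=$(cat image-tag.txt)" >> $GITHUB_ENV
+IMAGE_TAG=$(echo "$IMAGE_TAG" | tr "[:upper:]" "[:lower:]")
+echo "$IMAGE_TAG" > image-tag.txt
+echo "IMAGE_TAG=$(cat image-tag.txt)" >> "$GITHUB_ENV"
+'
 env:
-IMAGE_SUFFIX: ${{ inputs.image-suffix }}
+IMAGE_SUFFIX: ${{ inputs.image-suffix }}
 IMAGE: ${{ inputs.image }}
 
 - name: Upload to container registry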
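Review bot: The new `uses: docker://ghcr.io/l3montree-dev/devguard/scanner:main` line in the Set IMAGE_TAG step references a mutable tag, so whatever image is published under `main` at run time decides the value written to `$GITHUB_ENV`, which presumably names the image pushed by the following step. Pinning by digest, e.g. `uses: docker://ghcr.io/l3montree-dev/devguard/scanner@sha256:<digest-placeholder>` with a trailing comment naming the release, would match the way `actions/upload-artifact` is pinned to a commit SHA in build-nix-image.yml. The `sh -c` script also has no `set -e` and never checks the `grep` result, so a failed `generate-tag` would export an empty `IMAGE_TAG`; a guard such as `[ -n "$IMAGE_TAG" ] || exit 1` before the `tr` line would stop that. Separately, `grep '^IMAGE_TAG='` still uses single quotes inside the single-quoted `sh -c '…'` string (the `tr` call was switched to double quotes, this one was not), which only works as long as the pattern needs no quoting.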

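--- a/.github/workflows/build-nix-image.yml
+++ b/.github/workflows/build-nix-image.yml
@@ -153,9 +153,15 @@ jobs:
 --architecture='${{ inputs.arch }}' \
 >> image-tag-env.txt
 IMAGE_TAG=$(grep '^IMAGE_TAG=' image-tag-env.txt | cut -d= -f2-)
+ARTIFACT_NAME=$(grep '^ARTIFACT_NAME=' image-tag-env.txt | cut -d= -f2-)
+ARTIFACT_URL_ENCODED=$(grep '^ARTIFACT_URL_ENCODED=' image-tag-env.txt | cut -d= -f2-)
 echo "$IMAGE_TAG" > image-tag.txt
+echo "$ARTIFACT_NAME" > artifact-purl.txt
+echo "$ARTIFACT_URL_ENCODED" > artifact-purl-safe.txt
 echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT"
 echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
+echo "ARTIFACT_NAME=$ARTIFACT_NAME" >> "$GITHUB_ENV"
+echo "ARTIFACT_URL_ENCODED=$ARTIFACT_URL_ENCODED" >> "$GITHUB_ENV"
 
 - name: Upload image-tag artifact
 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - https://github.com/actions/upload-artifact/releases/tag/v4.6.2
@@ -172,13 +178,12 @@ jobs:
 - name: Set artifact PURL
 id: set-purl
 run: |
-REGISTRY_AND_IMAGE=${IMAGE_TAG%:*}
-NAME=${REGISTRY_AND_IMAGE##*/}
-PURL="pkg:oci/$NAME?repository_url=$REGISTRY_AND_IMAGE"
-echo "$PURL" > artifact-purl.txt
-SAFE_PURL=$(echo -n "$PURL" | jq -s -R -r @uri)
-echo "$SAFE_PURL" > artifact-purl-safe.txt
-echo "purl=$PURL" >> $GITHUB_OUTPUT
+echo "purl=$ARTIFACT_NAME" >> $GITHUB_OUTPUT
+echo "$ARTIFACT_NAME" > artifact-purl.txt
+echo "$ARTIFACT_URL_ENCODED" > artifact-purl-safe.txt
+env:
+ARTIFACT_NAME: ${{ env.ARTIFACT_NAME }}
+ARTIFACT_URL_ENCODED: ${{ env.ARTIFACT_URL_ENCODED }}
 
 - name: Upload artifact-purl artifact
 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - https://github.com/actions/upload-artifact/releases/tag/v4.6.2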
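Review bot: The two new assignments `ARTIFACT_NAME=$(grep '^ARTIFACT_NAME=' …)` and `ARTIFACT_URL_ENCODED=$(grep '^ARTIFACT_URL_ENCODED=' …)` in the first hunk are never checked, so if the generator output lacks either key the step exports empty values to `$GITHUB_ENV` and writes empty `artifact-purl.txt` and `artifact-purl-safe.txt`, where the removed code derived the PURL locally from `IMAGE_TAG`. A guard directly after the assignments, e.g. `[ -n "$ARTIFACT_NAME" ] && [ -n "$ARTIFACT_URL_ENCODED" ] || exit 1`, would make a missing field fail the job instead of publishing an empty artifact identifier. The start of this `run` script lies outside the hunk, so an existing check there cannot be ruled out. In the second hunk the Set artifact PURL step writes the same two files again, which looks redundant, and `>> $GITHUB_OUTPUT` is left unquoted while the first hunk uses `>> "$GITHUB_OUTPUT"`.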
