1818 REGISTRY : ghcr.io
1919 # github.repository as <account>/<repo>
2020 IMAGE_NAME_UI : ${{ github.repository }}-ui
21+ IMAGE_NAME_ANSIBLE : ${{ github.repository }}-ansible
2122
2223
2324jobs :
@@ -61,22 +62,39 @@ jobs:
6162
6263 # Extract metadata (tags, labels) for Docker
6364 # https://github.com/docker/metadata-action
64- - name : Extract Docker metadata
65- id : meta
65+ - name : Extract Docker UI metadata
66+ id : meta-ui
6667 uses : docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
6768 with :
6869 images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_UI }}
6970
71+ - name : Extract Docker Ansible metadata
72+ id : meta-ansible
73+ uses : docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
74+ with :
75+ images : ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_ANSIBLE }}
76+
7077 # Build and push Docker image with Buildx (don't push on PR)
7178 # https://github.com/docker/build-push-action
7279 - name : Build and push UI Docker image
73- id : build-and-push
80+ id : build-and-push-ui
7481 uses : docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
7582 with :
7683 context : ui/.
7784 push : ${{ github.event_name != 'pull_request' }}
78- tags : ${{ steps.meta.outputs.tags }}
79- labels : ${{ steps.meta.outputs.labels }}
85+ tags : ${{ steps.meta-ui.outputs.tags }}
86+ labels : ${{ steps.meta-ui.outputs.labels }}
87+ cache-from : type=gha
88+ cache-to : type=gha,mode=max
89+
90+ - name : Build and push Ansible Docker image
91+ id : build-and-push-ansible
92+ uses : docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
93+ with :
94+ context : ansible/.
95+ push : ${{ github.event_name != 'pull_request' }}
96+ tags : ${{ steps.meta-ui.outputs.tags }}
97+ labels : ${{ steps.meta-ui.outputs.labels }}
8098 cache-from : type=gha
8199 cache-to : type=gha,mode=max
82100
@@ -85,12 +103,22 @@ jobs:
85103 # repository is public to avoid leaking data. If you would like to publish
86104 # transparency data even for private images, pass --force to cosign below.
87105 # https://github.com/sigstore/cosign
88- - name : Sign the published Docker image
106+ - name : Sign the published UI Docker image
89107 if : ${{ github.event_name != 'pull_request' }}
90108 env :
91109 # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
92- TAGS : ${{ steps.meta.outputs.tags }}
93- DIGEST : ${{ steps.build-and-push.outputs.digest }}
110+ TAGS : ${{ steps.meta-ui .outputs.tags }}
111+ DIGEST : ${{ steps.build-and-push-ui .outputs.digest }}
94112 # This step uses the identity token to provision an ephemeral certificate
95113 # against the sigstore community Fulcio instance.
96114 run : echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
115+
116+ - name : Sign the published Ansible Docker image
117+ if : ${{ github.event_name != 'pull_request' }}
118+ env :
119+ # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
120+ TAGS : ${{ steps.meta-ansible.outputs.tags }}
121+ DIGEST : ${{ steps.build-and-push-ansible.outputs.digest }}
122+ # This step uses the identity token to provision an ephemeral certificate
123+ # against the sigstore community Fulcio instance.
124+ run : echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
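Review bot: The new "Build and push Ansible Docker image" step (new lines 96-97) still takes `tags` and `labels` from `steps.meta-ui`, so the image built from `ansible/.` is pushed under the UI image name and the `meta-ansible` output is never used for a push. That would replace the UI image pushed one step earlier at the same tags. The Ansible signing step then pairs the `meta-ansible` tags with a digest that was never published under that name, so `cosign sign` would presumably fail, or at best the signature would not cover what consumers pull. Change the two lines to `tags: ${{ steps.meta-ansible.outputs.tags }}` and `labels: ${{ steps.meta-ansible.outputs.labels }}`. Both builds also share the default `type=gha` cache scope; a distinct `scope=` per image on `cache-from`/`cache-to` would likely stop them overwriting each other's cache.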