Commit 735b8eb

committed
feat(build): create multiplatform image
Signed-off-by: Tomas Pilar <[email protected]>
1 parent 5863f46 commit 735b8eb

1 file changed

+16
-21
lines changed

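--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -93,25 +93,34 @@ jobs:
 restore-keys: ${{ runner.os }}-buildx-
 
 # -------------------------------------------------------------
-# 3️⃣ Build & tag image (timestamp + latest)
+# Build & push image (timestamp + latest)
 # -------------------------------------------------------------
+
+- name: 🔑 Log in to GHCR
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
 - name: 🏗️ Build Docker image
 env:
 DOCKER_CONTENT_TRUST: "1"
 run: |
 TAG=$(date +%s)
 echo "TAG=$TAG" >> "$GITHUB_ENV"
 docker buildx build \
+--platform linux/amd64,linux/arm64 \
 --file Containerfile.lite \
 --tag $IMAGE_NAME:$TAG \
 --tag $IMAGE_NAME:latest \
 --cache-from type=local,src=${{ env.CACHE_DIR }} \
 --cache-to type=local,dest=${{ env.CACHE_DIR }},mode=max \
---load \
+--push \
 . # build context is mandatory
 
 # -------------------------------------------------------------
-# 4️⃣ Image lint (Dockle CLI → SARIF)
+# Image lint (Dockle CLI → SARIF)
 # -------------------------------------------------------------
 - name: 🔍 Image lint (Dockle)
 id: dockle
@@ -133,7 +142,7 @@ jobs:
 sarif_file: dockle-results.sarif
 
 # -------------------------------------------------------------
-# 5️⃣ Generate SPDX SBOM with Syft
+# Generate SPDX SBOM with Syft
 # -------------------------------------------------------------
 - name: 📄 Generate SBOM (Syft)
 uses: anchore/sbom-action@v0
@@ -142,7 +151,7 @@ jobs:
 output-file: sbom.spdx.json
 
 # -------------------------------------------------------------
-# 6️⃣ Trivy CVE scan → SARIF
+# Trivy CVE scan → SARIF
 # -------------------------------------------------------------
 - name: 🛡️ Trivy vulnerability scan
 id: trivy
@@ -160,23 +169,9 @@ jobs:
 with:
 sarif_file: trivy-results.sarif
 
-# -------------------------------------------------------------
-# 7️⃣ Push both tags to GHCR
-# -------------------------------------------------------------
-- name: 🔑 Log in to GHCR
-uses: docker/login-action@v3
-with:
-registry: ghcr.io
-username: ${{ github.actor }}
-password: ${{ secrets.GITHUB_TOKEN }}
-
-- name: 🚀 Push image to GHCR
-run: |
-docker push $IMAGE_NAME:${{ env.TAG }}
-docker push $IMAGE_NAME:latest
 
 # -------------------------------------------------------------
-# 8️⃣ Key-less Cosign sign + attest (latest **and** timestamp)
+# Key-less Cosign sign + attest (latest **and** timestamp)
 # -------------------------------------------------------------
 - name: 📥 Install Cosign
 uses: sigstore/cosign-installer@v3 # provides the matching CLI
@@ -197,7 +192,7 @@ jobs:
 done
 
 # -------------------------------------------------------------
-# 9️⃣ Single gate - fail job on any scanner error
+# Single gate - fail job on any scanner error
 # -------------------------------------------------------------
 - name: ⛔ Enforce lint & vuln gates
 if: |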
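Review bot: Swapping `--load` for `--push` in the build step publishes both `$IMAGE_NAME:$TAG` and the mutable `$IMAGE_NAME:latest` to GHCR before the Dockle, Syft and Trivy steps run, whereas the removed push step came after them. Anyone pulling `latest` can therefore receive an image that has not been linted, scanned or Cosign-signed, and that the final gate may go on to reject. Without `--load` the image is also no longer in the runner's local daemon; the scanner inputs are outside these hunks, but if they name the image by tag they will now pull from the registry, and so might not scan the exact build that was just produced. I would push only the timestamp tag here and record its digest with `--metadata-file <metadata-file>`, then scan and sign `$IMAGE_NAME@<digest>`. `latest` can be added after the gate passes with `docker buildx imagetools create --tag $IMAGE_NAME:latest $IMAGE_NAME:$TAG`.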
