actions/docker-build-push
2
0
Fork 0
mirror of https://gitea.com/docker/build-push-action.git synced 2025-10-31 09:08:18 +07:00
Code

Merge pull request #1005 from crazy-max/ci-inspect

Browse Source 
ci: inspect sbom and provenance
This commit is contained in:
CrazyMax 2023-11-17 02:46:05 -08:00 committed by GitHub
commit b7feb766fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
.github/workflows/ci.yml vendored
View File

@ -598,12 +598,24 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
attrs: include:
- '' - target: image
- mode=max output: type=image,name=localhost:5000/name/app:latest,push=true
- builder-id=foo attr: mode=max
- false - target: image
- true output: type=image,name=localhost:5000/name/app:latest,push=true
attr: ''
- target: binary
output: /tmp/buildx-build
attr: mode=max
- target: binary
output: /tmp/buildx-build
attr: ''
services:
registry:
image: registry:2
ports:
- 5000:5000
steps: steps:
- -
name: Checkout name: Checkout
@ -622,11 +634,24 @@ jobs:
with: with:
context: ./test/go context: ./test/go
file: ./test/go/Dockerfile file: ./test/go/Dockerfile
target: binary target: ${{ matrix.target }}
outputs: type=oci,dest=/tmp/build.tar outputs: ${{ matrix.output }}
provenance: ${{ matrix.attrs }} provenance: ${{ matrix.attr }}
cache-from: type=gha,scope=provenance -
cache-to: type=gha,scope=provenance,mode=max name: Inspect Provenance
if: matrix.target == 'image'
run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .Provenance}}'
-
name: Check output folder
if: matrix.target == 'binary'
run: |
tree /tmp/buildx-build
-
name: Print local Provenance
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/provenance.json | jq
sbom: sbom:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -667,22 +692,17 @@ jobs:
cache-from: type=gha,scope=attests-${{ matrix.target }} cache-from: type=gha,scope=attests-${{ matrix.target }}
cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max cache-to: type=gha,scope=attests-${{ matrix.target }},mode=max
- -
name: Inspect image name: Inspect SBOM
if: matrix.target == 'image' if: matrix.target == 'image'
run: | run: |
docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .}}' docker buildx imagetools inspect localhost:5000/name/app:latest --format '{{json .SBOM}}'
- -
name: Check output folder name: Check output folder
if: matrix.target == 'binary' if: matrix.target == 'binary'
run: | run: |
tree /tmp/buildx-build tree /tmp/buildx-build
- -
name: Print provenance name: Print local SBOM
if: matrix.target == 'binary'
run: |
cat /tmp/buildx-build/provenance.json | jq
-
name: Print SBOM
if: matrix.target == 'binary' if: matrix.target == 'binary'
run: | run: |
cat /tmp/buildx-build/sbom.spdx.json | jq cat /tmp/buildx-build/sbom.spdx.json | jq