Skip to content
Multiplatform Build with Runners

Merge pull request #3 from chainguard-dev/update-digests #61

Sign in to view logs

Merge pull request #3 from chainguard-dev/update-digests

Merge pull request #3 from chainguard-dev/update-digests #61

Workflow file for this run

.github/workflows/build-and-push-runners.yaml at fcb89ee
name: Multiplatform Build with Runners
on:
push:
jobs:
armbuild:
runs-on: [linux-arm-for-testing]
permissions:
id-token: write
attestations: write
contents: read
outputs:
digest: ${{ steps.build.outputs.digest }}
steps:
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
-
name: Login to Docker Hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
username: ${{ vars.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
with:
images: |
amouat/images-bite-back-runner
tags: |
type=raw,arm-${{ github.RUN_ID }}
labels: |
org.opencontainers.image.description=Images Bite Back Demo Arm Runner
-
id: build
name: Build and push
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
file: Dockerfile
platforms: linux/arm64
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
-
name: Attest
uses: actions/attest-build-provenance@92c65d2898f1f53cfdc910b962cecff86e7f8fcc # v1
id: attest
with:
subject-name: index.docker.io/${{ vars.DOCKERHUB_USER }}/images-bite-back-runner
subject-digest: ${{ steps.build.outputs.digest }}
push-to-registry: true
x86build:
runs-on: [ubuntu-latest-2-cores-testing]
outputs:
digest: ${{ steps.build.outputs.digest }}
permissions:
id-token: write
attestations: write
contents: read
steps:
-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3
-
name: Login to Docker Hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
username: ${{ vars.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5
with:
images: |
amouat/images-bite-back-runner
tags: |
type=raw,x86-${{ github.RUN_ID }}
labels: |
org.opencontainers.image.description=Images Bite Back Demo X86 Runner
-
id: build
name: Build and push
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6
with:
file: Dockerfile
platforms: linux/amd64
push: true
sbom: true
provenance: mode=max
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
-
name: Attest
uses: actions/attest-build-provenance@92c65d2898f1f53cfdc910b962cecff86e7f8fcc # v1
id: attest
with:
subject-name: index.docker.io/${{ vars.DOCKERHUB_USER }}/images-bite-back-runner
subject-digest: ${{ steps.build.outputs.digest }}
push-to-registry: true
manifest:
permissions:
id-token: write
attestations: write
needs: [x86build, armbuild]
runs-on: ubuntu-latest
steps:
-
name: Install Cosign
uses: sigstore/cosign-installer@1aa8e0f2454b781fbf0fbf306a4c9533a0c57409 # v3.7.0
-
name: Login to Docker Hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
with:
username: ${{ vars.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Install crane
uses: imjasonh/setup-crane@31b88efe9de28ae0ffa220711af4b60be9435f6e # v0.4
-
name: Create, Push and Sign Multi-Platform Manifest
run: |
X86DIGEST=$(crane digest --platform linux/amd64 amouat/images-bite-back-runner@${{ needs.x86build.outputs.digest }})
ARMDIGEST=$(crane digest --platform linux/arm64 amouat/images-bite-back-runner@${{ needs.armbuild.outputs.digest }})
docker manifest create amouat/images-bite-back-runner:multi-${{ github.RUN_ID }} \
amouat/images-bite-back-runner@$X86DIGEST \
amouat/images-bite-back-runner@$ARMDIGEST
MULTIDIGEST=$(docker manifest push amouat/images-bite-back-runner:multi-${{ github.RUN_ID }})
cosign sign -r --yes amouat/images-bite-back-runner@$MULTIDIGEST