Skip to content

Commit 713a62f

Browse files
authored
Use SHA for signing and do not upload SBOM as part of docker release/build (#12)
Signed-off-by: Erick Bourgeois <erick@jeb.ca>
1 parent 164aeb9 commit 713a62f

2 files changed

Lines changed: 16 additions & 4 deletions

File tree

.github/actions/extract-version/action.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ outputs:
3535
description: 'Git tag name (e.g., v1.2.3)'
3636
value: ${{ steps.extract.outputs.tag-name }}
3737
image-tag:
38-
description: 'Docker image tag (e.g., main-2025.12.17, pr-42, v0.2.0)'
38+
description: 'Docker image tag (e.g., main-2025-12-17, pr-42, v0.2.0)'
3939
value: ${{ steps.extract.outputs.image-tag }}
4040
image-repository:
4141
description: 'Docker repository name (e.g., finos/myapp)'
@@ -85,9 +85,9 @@ runs:
8585
;;
8686
8787
main)
88-
# Main branch: use main-YYYY.MM.DD format
89-
# Tag format: main-2025.12.17
90-
DATE=$(date +%Y.%m.%d)
88+
# Main branch: use main-YYYY-MM-DD format
89+
# Tag format: main-2025-12-17
90+
DATE=$(date +%Y-%m-%d)
9191
VERSION="0.0.0-main.${DATE}.${{ github.run_number }}"
9292
TAG_NAME="main-${DATE}"
9393
IMAGE_TAG="main-${DATE}${IMAGE_TAG_SUFFIX}"

.github/workflows/build.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -496,6 +496,11 @@ jobs:
496496
name: 🔭 Container Security Scan - ${{ matrix.variant.name }}
497497
runs-on: ubuntu-latest
498498
needs: [docker, extract-version]
499+
permissions:
500+
contents: read
501+
packages: read
502+
id-token: write
503+
security-events: write
499504
strategy:
500505
fail-fast: false
501506
matrix:
@@ -510,6 +515,13 @@ jobs:
510515
- name: Checkout code
511516
uses: actions/checkout@v4
512517

518+
- name: Log in to GHCR
519+
uses: docker/login-action@v3
520+
with:
521+
registry: ghcr.io
522+
username: ${{ github.actor }}
523+
password: ${{ secrets.GITHUB_TOKEN }}
524+
513525
- name: Run Trivy scan on ${{ matrix.variant.name }} image
514526
uses: firestoned/github-actions/security/trivy-scan@v1.3.6
515527
with:

0 commit comments

Comments
 (0)