Skip to content

Commit d78333a

Browse files
mcornellamcornella
committed
Add attestation and fix image README push to Docker Hub
1 parent ee1a706 commit d78333a

File tree

2 files changed

+39
-11
lines changed

2 files changed

+39
-11
lines changed

.github/workflows/main.yml

+35-8
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,10 @@ on:
99
- cron: "46 2 * * 1"
1010

1111
env:
12-
LATEST_ZSH: "5.9"
12+
REGISTRY: "docker.io"
1313
DOCKERHUB_ORG: "ohmyzsh"
14-
MAIN_OMZ_BRANCH: "master" # TODO: we need to change master with main when migrating the branch
14+
LATEST_ZSH: "5.9"
15+
LATEST_OMZ: "master" # TODO: we need to change master with main when migrating the branch
1516

1617
jobs:
1718
get-omz-versions:
@@ -23,12 +24,14 @@ jobs:
2324
- name: Get Oh My Zsh versions
2425
id: versions
2526
run: |
26-
OMZ_VERSIONS=$(curl -sL https://api.github.com/repos/ohmyzsh/ohmyzsh/tags | jq -c '["${{ env.MAIN_OMZ_BRANCH }}",.[].name]')
27+
OMZ_VERSIONS=$(curl -sL https://api.github.com/repos/ohmyzsh/ohmyzsh/tags | jq -c '["${{ env.LATEST_OMZ }}",.[].name]')
2728
echo "versions=$OMZ_VERSIONS" >> $GITHUB_OUTPUT
2829
2930
build-omz:
3031
name: Build Oh My Zsh Docker image
3132
runs-on: ubuntu-latest
33+
env:
34+
IMAGE_NAME: "ohmyzsh/ohmyzsh"
3235
needs:
3336
- get-omz-versions
3437
strategy:
@@ -53,23 +56,35 @@ jobs:
5356
- name: Get tags and versions
5457
id: tags
5558
run: |
56-
tags=${{ env.DOCKERHUB_ORG }}/ohmyzsh:${{ matrix.omz-version }}
57-
if [ ${{matrix.omz-version }} = ${{ env.MAIN_OMZ_BRANCH }} ]; then
58-
tags="${tags},${{ env.DOCKERHUB_ORG }}/ohmyzsh:latest"
59+
tags="${{ env.IMAGE_NAME }}:${{ matrix.omz-version }}"
60+
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.omz-version }}"
61+
if [ ${{matrix.omz-version }} = ${{ env.LATEST_OMZ }} ]; then
62+
tags="${tags},${{ env.IMAGE_NAME }}:latest"
63+
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
5964
fi
6065
echo "tags=$tags" >> $GITHUB_OUTPUT
6166
- name: Build and push images
67+
id: push
6268
uses: docker/build-push-action@v5
6369
with:
6470
context: ohmyzsh
6571
platforms: linux/amd64,linux/arm64
6672
push: ${{ github.event_name != 'pull_request' }}
6773
build-args: "OMZ_VERSION=${{ matrix.omz-version }}"
6874
tags: ${{ steps.tags.outputs.tags }}
75+
- name: Attest
76+
uses: actions/attest-build-provenance@v1
77+
id: attest
78+
with:
79+
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
80+
subject-digest: ${{ steps.push.outputs.digest }}
81+
push-to-registry: true
6982

7083
build-zsh:
7184
name: Build Zsh Docker images
7285
runs-on: ubuntu-latest
86+
env:
87+
IMAGE_NAME: "ohmyzsh/zsh"
7388
strategy:
7489
matrix:
7590
zsh-version:
@@ -127,19 +142,29 @@ jobs:
127142
- name: Get tags and versions
128143
id: tags
129144
run: |
130-
tags=${{ env.DOCKERHUB_ORG }}/zsh:${{ matrix.zsh-version }}
145+
tags="${{ env.IMAGE_NAME }}:${{ matrix.zsh-version }}"
146+
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ matrix.zsh-version }}"
131147
if [ ${{matrix.zsh-version }} = ${{ env.LATEST_ZSH }} ]; then
132-
tags="${tags},${{ env.DOCKERHUB_ORG }}/zsh:latest"
148+
tags="${tags},${{ env.IMAGE_NAME }}:latest"
149+
tags="${tags},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
133150
fi
134151
echo "tags=$tags" >> $GITHUB_OUTPUT
135152
- name: Build and push images
153+
id: push
136154
uses: docker/build-push-action@v5
137155
with:
138156
context: zsh
139157
platforms: linux/amd64,linux/arm64
140158
push: ${{ github.event_name != 'pull_request' }}
141159
build-args: "ZSH_VERSION=${{ matrix.zsh-version }}"
142160
tags: ${{ steps.tags.outputs.tags }}
161+
- name: Attest
162+
uses: actions/attest-build-provenance@v1
163+
id: attest
164+
with:
165+
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
166+
subject-digest: ${{ steps.push.outputs.digest }}
167+
push-to-registry: true
143168

144169
update-image-readme:
145170
needs:
@@ -148,6 +173,8 @@ jobs:
148173
runs-on: ubuntu-latest
149174
if: ${{ github.event_name != 'pull_request' }}
150175
steps:
176+
- name: Checkout
177+
uses: actions/checkout@v4
151178
- name: Update image READMEs
152179
env:
153180
DH_USERNAME: ${{ secrets.DOCKERHUB_USER }}

README.md

+4-3
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,7 @@
11
# Oh My Zsh docker images
22

3+
[![Publish workflow](https://github.com/ohmyzsh/docker/actions/workflows/main.yml/badge.svg)](https://github.com/ohmyzsh/docker/actions/workflows/main.yml)
4+
35
This repository holds the Dockerfile files for the various docker images hosted in the
46
[ohmyzsh organization at Docker Hub](https://hub.docker.com/u/ohmyzsh).
57

@@ -12,8 +14,7 @@ Inside this folder there needs to be:
1214
- `Dockerfile` for building the Docker image. See [`ohmyzsh/ohmyzsh`](ohmyzsh/Dockerfile) for
1315
an example of how to set it up, including metadata `LABEL`s.
1416

15-
- `build.sh` file which receives the Docker Hub organization name as the first argument,
16-
and builds all the tags for the given image.
17-
1817
- `README.md` which provides information regarding the Docker image. If the image has a README.md
1918
file, this will be used to automatically update the README in Docker Hub.
19+
20+
There also needs to be a separate build job for each image in the [`.github/workflows/main.yml`](https://github.com/ohmyzsh/docker/actions/workflows/main.yml) file.

0 commit comments

Comments
 (0)