From 8ee48874b45acb7b1fe597288fee697ea0c3b579 Mon Sep 17 00:00:00 2001
From: William Desportes
Date: Sat, 3 Aug 2024 22:29:29 +0200
Subject: [PATCH] Do not sign temporary images and cleanup tags
---
 .github/workflows/publish.yml | 51 ++++++++++++++++++++++++++++-------
 1 file changed, 42 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index af24cfa..888e839 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -54,20 +54,12 @@ jobs:
 IMAGE_TAG: "docker.io/botsudo/nut-upsd:${{ matrix.platform-tag }}-latest"
 ACTION: push

- - name: Sign the docker image
- uses: sudo-bot/action-docker-sign@latest
- with:
- image-ref: "docker.io/botsudo/nut-upsd:${{ matrix.platform-tag }}-latest"
- private-key-id: "${{ vars.DOCKER_PRIVATE_KEY_ID }}"
- private-key: ${{ secrets.DOCKER_PRIVATE_KEY }}
- private-key-passphrase: ${{ secrets.DOCKER_PRIVATE_KEY_PASSPHRASE }}
-
 sign-manifest:
 name: Sign the docker hub manifest
 runs-on: ubuntu-latest
 needs: push-to-registry
 environment:
- name: Sign Docker manifest
+ name: Build Docker images
 steps:
 - name: Login to DockerHub
 uses: docker/login-action@v3
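Review bot: The `environment` change on `sign-manifest` puts the signing job in the same `Build Docker images` environment that the new `tags-cleanup` job (and presumably the build job, not visible here) uses, so any required reviewers, branch restrictions or environment-scoped secrets that were specific to `Sign Docker manifest` no longer gate the job that appears to hold the signing key. If that separation was intentional, keep `name: Sign Docker manifest` on this job and leave the build environment to the build and cleanup jobs; if it was not, a comment such as `# signing shares the build environment: no separate approval is configured` would record the decision. The `sign-manifest` job continues past the end of this hunk.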
@@ -99,3 +91,44 @@ jobs:
 private-key-name: "${{ vars.DOCKER_PRIVATE_KEY_NAME }}"
 sign-manifest: true
 notary-auth: "${{ secrets.DOCKER_REPOSITORY_LOGIN }}:${{ secrets.DOCKER_REPOSITORY_PASSWORD }}"
+ tags-cleanup:
+ runs-on: ubuntu-latest
+ needs: sign-manifest
+ name: Cleanup build tags
+ environment:
+ name: Build Docker images
+ steps:
+ - name: Install Docker hub-tool
+ run: |
+ curl -sL https://github.com/docker/hub-tool/releases/download/v0.4.6/hub-tool-linux-amd64.tar.gz -o hub-tool-linux.tar.gz
+ tar --strip-components=1 -xzf ./hub-tool-linux.tar.gz
+ ./hub-tool --version
+ - name: Login hub-tool
+ run: |
+ # Fool the login command (https://github.com/docker/hub-tool/pull/198)
+ # ./hub-tool login
+ # Token commands thank to https://stackoverflow.com/a/59334315/5155484
+ HUB_TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d "{\"username\": \"$DOCKER_USERNAME\", \"password\": \"$DOCKER_PASSWORD\"}" https://hub.docker.com/v2/users/login/ | jq -r .token)
+ USERNAME="$(printf '%s:' "$DOCKER_USERNAME" | base64 -w0)"
+ USER_PASS="$(printf '%s:%s' "$DOCKER_USERNAME" "$DOCKER_PASSWORD" | base64 -w0)"
+ mkdir -p ~/.docker/
+ printf '{"auths": {"hub-tool": {"auth": "%s"}, "hub-tool-refresh-token": {"auth": "%s"}, "hub-tool-token": { "auth": "%s", "identitytoken": "%s"}}}' \
+ "$USER_PASS" "$USERNAME" \
+ "$USERNAME" "$HUB_TOKEN" \
+ > ~/.docker/config.json
+ env:
+ DOCKER_USERNAME: ${{ secrets.DOCKER_REPOSITORY_LOGIN }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_REPOSITORY_PASSWORD }}
+ - name: Remove the temporary images via hub-tool
+ run: |
+ ./hub-tool tag rm --verbose --force docker.io/botsudo/nut-upsd:arm64-latest || true
+ ./hub-tool tag rm --verbose --force docker.io/botsudo/nut-upsd:amd64-latest || true
+ ./hub-tool tag rm --verbose --force docker.io/botsudo/nut-upsd:armv7-latest || true
+ ./hub-tool tag rm --verbose --force docker.io/botsudo/nut-upsd:armv6-latest || true
+ ./hub-tool tag rm --verbose --force docker.io/botsudo/nut-upsd:ppc64le-latest || true
+ ./hub-tool tag rm --verbose --force docker.io/botsudo/nut-upsd:s390x-latest || true
+ ./hub-tool tag rm --verbose --force docker.io/botsudo/nut-upsd:386-latest || true
+ ./hub-tool tag ls --verbose docker.io/botsudo/nut-upsd
+ - name: Logout hub-tool
+ if: always()
+ run: rm ~/.docker/config.json
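Review bot: The `Install Docker hub-tool` step extracts and runs a tarball fetched with `curl -sL` and no integrity check, in a job whose next step handles the Docker Hub login and password. Verify a pinned digest before `tar`, e.g. `echo "<SHA256_OF_RELEASE_TARBALL>  hub-tool-linux.tar.gz" | sha256sum -c -`, and use `curl -fsSL` so an HTTP error body is not saved as the archive. In `Login hub-tool` the request JSON is built by interpolating the password into a string, so a `"` or `\` in it corrupts the body; building it with `jq -n --arg u "$DOCKER_USERNAME" --arg p "$DOCKER_PASSWORD" '{username: $u, password: $p}'` and sending it with `curl -d @-` avoids that and keeps the password out of the process arguments. Because every `tag rm` ends in `|| true`, a failed login is only noticed if the final `tag ls` fails, and `rm ~/.docker/config.json` under `if: always()` should be `rm -f` so the job does not fail when the file was never written.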