Skip to content

Image CI Build

Image CI Build #60

name: Image CI Build
# Any change in triggers needs to be reflected in the concurrency group.
on:
pull_request_target:
types:
- opened
- synchronize
- reopened
push:
branches:
- master
- ft/master/**
# If the cache was cleaned we should re-build the cache with the latest commit
workflow_run:
workflows:
- "Image CI Cache Cleaner"
branches:
- master
- ft/master/**
types:
- completed
permissions:
# To be able to access the repository with `actions/checkout`
contents: read
# Required to generate OIDC tokens for `sigstore/cosign-installer` authentication
id-token: write
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.event.after }}
cancel-in-progress: true
jobs:
build-and-push-prs:
runs-on: ubuntu-20.04
strategy:
matrix:
include:
- name: cilium
dockerfile: ./images/cilium/Dockerfile
- name: operator-aws
dockerfile: ./images/operator/Dockerfile
- name: operator-azure
dockerfile: ./images/operator/Dockerfile
- name: operator-alibabacloud
dockerfile: ./images/operator/Dockerfile
- name: operator-generic
dockerfile: ./images/operator/Dockerfile
- name: hubble-relay
dockerfile: ./images/hubble-relay/Dockerfile
- name: clustermesh-apiserver
dockerfile: ./images/clustermesh-apiserver/Dockerfile
- name: docker-plugin
dockerfile: ./images/cilium-docker-plugin/Dockerfile
steps:
- name: Checkout master branch to access local actions
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
ref: ${{ github.event.repository.default_branch }}
persist-credentials: false
- name: Set Environment Variables
uses: ./.github/actions/set-env-variables
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c # v2.5.0
- name: Login to quay.io for CI
uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # v2.1.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME_CI }}
password: ${{ secrets.QUAY_PASSWORD_CI }}
- name: Getting image tag
id: tag
run: |
if [ ${{ github.event.pull_request.head.sha }} != "" ]; then
echo tag=${{ github.event.pull_request.head.sha }} >> $GITHUB_OUTPUT
else
echo tag=${{ github.sha }} >> $GITHUB_OUTPUT
fi
- name: Checkout Source Code
uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
with:
persist-credentials: false
ref: ${{ steps.tag.outputs.tag }}
# Load Golang cache build from GitHub
- name: Load ${{ matrix.name }} Golang cache build from GitHub
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
id: cache
with:
path: /tmp/.cache/${{ matrix.name }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.name }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-${{ matrix.name }}-
${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}-
${{ runner.os }}-go-
- name: Create ${{ matrix.name }} cache directory
if: ${{ steps.cache.outputs.cache-hit != 'true' }}
shell: bash
run: |
mkdir -p /tmp/.cache/${{ matrix.name }}
# Import GitHub's cache build to docker cache
- name: Copy ${{ matrix.name }} Golang cache to docker cache
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
with:
provenance: false
context: /tmp/.cache/${{ matrix.name }}
file: ./images/cache/Dockerfile
push: false
platforms: linux/amd64
target: import-cache
- name: Install Cosign
uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
- name: Install Bom
shell: bash
run: |
curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.4.1/bom-linux-amd64 -o bom
sudo mv ./bom /usr/local/bin/bom
sudo chmod +x /usr/local/bin/bom
# master branch pushes
- name: CI Build ${{ matrix.name }}
if: ${{ github.event_name != 'pull_request_target' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
id: docker_build_ci_master
with:
provenance: false
context: .
file: ${{ matrix.dockerfile }}
# Only push when the event name was a GitHub push, this is to avoid
# re-pushing the image tags when we only want to re-create the Golang
# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
push: ${{ github.event_name == 'push' }}
platforms: linux/amd64,linux/arm64
tags: |
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
target: release
build-args: |
OPERATOR_VARIANT=${{ matrix.name }}
- name: CI race detection Build ${{ matrix.name }}
if: ${{ github.event_name != 'pull_request_target' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
id: docker_build_ci_master_detect_race_condition
with:
provenance: false
context: .
file: ${{ matrix.dockerfile }}
# Only push when the event name was a GitHub push, this is to avoid
# re-pushing the image tags when we only want to re-create the Golang
# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
push: ${{ github.event_name == 'push' }}
platforms: linux/amd64
tags: |
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-race
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
target: release
build-args: |
BASE_IMAGE=quay.io/cilium/cilium-runtime:fe3fe058796057d2a089fac72a6a7afdf6b31435@sha256:d3f15d63ba73529963a3e9b5b2ff737f5638fc7a33819ac5380e72f2af7b4642
LOCKDEBUG=1
RACE=1
OPERATOR_VARIANT=${{ matrix.name }}
- name: CI Unstripped Binaries Build ${{ matrix.name }}
if: ${{ github.event_name != 'pull_request_target' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
id: docker_build_ci_master_unstripped
with:
provenance: false
context: .
file: ${{ matrix.dockerfile }}
# Only push when the event name was a GitHub push, this is to avoid
# re-pushing the image tags when we only want to re-create the Golang
# docker cache after the workflow "Image CI Cache Cleaner" was terminated.
push: ${{ github.event_name == 'push' }}
platforms: linux/amd64
tags: |
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-unstripped
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped
target: release
build-args: |
NOSTRIP=1
OPERATOR_VARIANT=${{ matrix.name }}
- name: Sign Container Images
if: ${{ github.event_name != 'pull_request_target' }}
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master.outputs.digest }}
cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}
cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}
- name: Generate SBOM
if: ${{ github.event_name != 'pull_request_target' }}
shell: bash
# To-Do: generate SBOM from source after https://github.com/kubernetes-sigs/bom/issues/202 is fixed
# To-Do: format SBOM output to json after cosign v2.0 is released with https://github.com/sigstore/cosign/pull/2479
run: |
bom generate -o sbom_ci_master_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
bom generate -o sbom_ci_master_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
bom generate -o sbom_ci_master_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped
- name: Attach SBOM to Container Images
if: ${{ github.event_name != 'pull_request_target' }}
run: |
cosign attach sbom --sbom sbom_ci_master_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master.outputs.digest }}
cosign attach sbom --sbom sbom_ci_master_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}
cosign attach sbom --sbom sbom_ci_master_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}
- name: Sign SBOM Images
if: ${{ github.event_name != 'pull_request_target' }}
env:
COSIGN_EXPERIMENTAL: "true"
run: |
docker_build_ci_master_digest="${{ steps.docker_build_ci_master.outputs.digest }}"
image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_master_digest/:/-}.sbom"
docker_build_ci_master_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_master_sbom_digest}"
docker_build_ci_master_detect_race_condition_digest="${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}"
image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_master_detect_race_condition_digest/:/-}.sbom"
docker_build_ci_master_detect_race_condition_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_master_detect_race_condition_sbom_digest}"
docker_build_ci_master_unstripped_digest="${{ steps.docker_build_ci_master_unstripped.outputs.digest }}"
image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_master_unstripped_digest/:/-}.sbom"
docker_build_ci_master_unstripped_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_master_unstripped_sbom_digest}"
- name: CI Image Releases digests
if: ${{ github.event_name != 'pull_request_target' }}
shell: bash
run: |
mkdir -p image-digest/
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest@${{ steps.docker_build_ci_master.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-race@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:latest-unstripped@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_master.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_master_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped@${{ steps.docker_build_ci_master_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
# PR updates
- name: CI Build ${{ matrix.name }}
if: ${{ github.event_name == 'pull_request_target' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
id: docker_build_ci_pr
with:
provenance: false
context: .
file: ${{ matrix.dockerfile }}
push: true
platforms: linux/amd64,linux/arm64
tags: |
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
target: release
build-args: |
OPERATOR_VARIANT=${{ matrix.name }}
- name: CI race detection Build ${{ matrix.name }}
if: ${{ github.event_name == 'pull_request_target' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
id: docker_build_ci_pr_detect_race_condition
with:
provenance: false
context: .
file: ${{ matrix.dockerfile }}
push: true
platforms: linux/amd64
tags: |
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
target: release
build-args: |
BASE_IMAGE=quay.io/cilium/cilium-runtime:fe3fe058796057d2a089fac72a6a7afdf6b31435@sha256:d3f15d63ba73529963a3e9b5b2ff737f5638fc7a33819ac5380e72f2af7b4642
LOCKDEBUG=1
RACE=1
OPERATOR_VARIANT=${{ matrix.name }}
- name: CI Unstripped Binaries Build ${{ matrix.name }}
if: ${{ github.event_name == 'pull_request_target' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
id: docker_build_ci_pr_unstripped
with:
provenance: false
context: .
file: ${{ matrix.dockerfile }}
push: true
platforms: linux/amd64
tags: |
quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped
target: release
build-args: |
NOSTRIP=1
OPERATOR_VARIANT=${{ matrix.name }}
- name: Sign Container Images
if: ${{ github.event_name == 'pull_request_target' }}
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}
cosign sign -y quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}
- name: Generate SBOM
if: ${{ github.event_name == 'pull_request_target' }}
shell: bash
# To-Do: generate SBOM from source after https://github.com/kubernetes-sigs/bom/issues/202 is fixed
# To-Do: format SBOM output to json after cosign v2.0 is released with https://github.com/sigstore/cosign/pull/2479
run: |
bom generate -o sbom_ci_pr_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}
bom generate -o sbom_ci_pr_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race
bom generate -o sbom_ci_pr_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx \
--image=quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped
- name: Attach SBOM to Container Images
if: ${{ github.event_name == 'pull_request_target' }}
run: |
cosign attach sbom --sbom sbom_ci_pr_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
cosign attach sbom --sbom sbom_ci_pr_race_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}
cosign attach sbom --sbom sbom_ci_pr_unstripped_${{ matrix.name }}_${{ steps.tag.outputs.tag }}.spdx quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}
- name: Sign SBOM Images
if: ${{ github.event_name == 'pull_request_target' }}
env:
COSIGN_EXPERIMENTAL: "true"
run: |
docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}"
image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom"
docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"
docker_build_ci_pr_detect_race_condition_digest="${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}"
image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_pr_detect_race_condition_digest/:/-}.sbom"
docker_build_ci_pr_detect_race_condition_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_pr_detect_race_condition_sbom_digest}"
docker_build_ci_pr_unstripped_digest="${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}"
image_name="quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${docker_build_ci_pr_unstripped_digest/:/-}.sbom"
docker_build_ci_pr_unstripped_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign -y "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci@${docker_build_ci_pr_unstripped_sbom_digest}"
- name: CI Image Releases digests
if: ${{ github.event_name == 'pull_request_target' }}
shell: bash
run: |
mkdir -p image-digest/
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}@${{ steps.docker_build_ci_pr.outputs.digest }}" > image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-race@${{ steps.docker_build_ci_pr_detect_race_condition.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
echo "quay.io/${{ env.QUAY_ORGANIZATION_DEV }}/${{ matrix.name }}-ci:${{ steps.tag.outputs.tag }}-unstripped@${{ steps.docker_build_ci_pr_unstripped.outputs.digest }}" >> image-digest/${{ matrix.name }}.txt
# Upload artifact digests
- name: Upload artifact digests
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: image-digest ${{ matrix.name }}
path: image-digest
retention-days: 1
# Store docker's golang's cache build locally only on the main branch
- name: Store ${{ matrix.name }} Golang cache build locally
if: ${{ github.event_name != 'pull_request_target' && steps.cache.outputs.cache-hit != 'true' }}
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4.0.0
with:
provenance: false
context: .
file: ./images/cache/Dockerfile
push: false
outputs: type=local,dest=/tmp/docker-cache-${{ matrix.name }}
platforms: linux/amd64
target: export-cache
# Store docker's golang's cache build locally only on the main branch
- name: Store ${{ matrix.name }} Golang cache in GitHub cache path
if: ${{ github.event_name != 'pull_request_target' && steps.cache.outputs.cache-hit != 'true' }}
shell: bash
run: |
mkdir -p /tmp/.cache/${{ matrix.name }}/
if [ -f /tmp/docker-cache-${{ matrix.name }}/tmp/go-build-cache.tar.gz ]; then
cp /tmp/docker-cache-${{ matrix.name }}/tmp/go-build-cache.tar.gz /tmp/.cache/${{ matrix.name }}/
fi
if [ -f /tmp/docker-cache-${{ matrix.name }}/tmp/go-pkg-cache.tar.gz ]; then
cp /tmp/docker-cache-${{ matrix.name }}/tmp/go-pkg-cache.tar.gz /tmp/.cache/${{ matrix.name }}/
fi
image-digests:
if: ${{ always() }}
name: Display Digests
runs-on: ubuntu-20.04
needs: build-and-push-prs
steps:
- name: Downloading Image Digests
shell: bash
run: |
mkdir -p image-digest/
- name: Download digests of all images built
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
path: image-digest/
- name: Image Digests Output
shell: bash
run: |
cd image-digest/
find -type f | sort | xargs -d '\n' cat