ci: attempt to fix DCT key #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and publish signed Docker image | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| multiarch-build: | |
| name: Build and publish signed image | |
| runs-on: ubuntu-latest | |
| env: | |
| IMAGE_NAME: nginxproxy/${{ github.event.repository.name }} | |
| IMAGE_TAG: signed | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Load DCT delegation key | |
| env: | |
| DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }} | |
| DCT_KEY_BASE64: ${{ secrets.DCT_KEY_BASE64 }} | |
| DCT_KEY_ID: ${{ secrets.DCT_KEY_ID }} | |
| run: | | |
| export DCT_KEY_PATH="$(echo "~/.docker/trust/private/${DCT_KEY_ID}.key")" | |
| mkdir -p ~/.docker/trust/private | |
| echo "$DCT_KEY_BASE64" | base64 -d > "$DCT_KEY_PATH" | |
| chmod 600 "$DCT_KEY_PATH" | |
| docker trust key load "$DCT_KEY_PATH" --name gha | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build the image | |
| run: docker build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} . | |
| - name: Push and sign the image | |
| env: | |
| DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }} | |
| run: | | |
| docker trust sign ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| - name: Verify the image signature | |
| run: | | |
| docker trust inspect --pretty ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| - name: Remove DCT delegation key | |
| env: | |
| DCT_KEY_ID: ${{ secrets.DCT_KEY_ID }} | |
| run: | | |
| export DCT_KEY_PATH="$(echo "~/.docker/trust/private/${DCT_KEY_ID}.key")" | |
| rm "$DCT_KEY_PATH" |