ci: attempt to fix DCT key
buchdag committed May 17, 2024
1 parent 5f77e53 commit b8940ac
Showing 1 changed file with 16 additions and 10 deletions.
26 changes: 16 additions & 10 deletions .github/workflows/build-publish-signed.yml
Expand Up @@ -21,21 +21,24 @@ jobs:
with:
fetch-depth: 0

- name: Load DCT delegation key
env:
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }}
DCT_KEY_BASE64: ${{ secrets.DCT_KEY_BASE64 }}
run: |
echo "$DCT_KEY_BASE64" | base64 -d > delegation.key
chmod 600 delegation.key
docker trust key load delegation.key --name gha
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Load DCT delegation key
env:
DOCKER_CONTENT_TRUST: 1
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }}
DCT_KEY_PATH: ${{ github.workspace }}/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key
run: |
mkdir -p ${{ github.workspace }}/.docker/trust/private
chmod -R 700 ${{ github.workspace }}/.docker/trust
echo "${{ secrets.DCT_KEY_BASE64 }}" | base64 -d > "$DCT_KEY_PATH"
chmod 600 "$DCT_KEY_PATH"
docker trust key load "$DCT_KEY_PATH"
- name: Build the image
run: docker build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} .

Expand All @@ -50,4 +53,7 @@ jobs:
docker trust inspect --pretty ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
- name: Remove DCT delegation key
run: rm delegation.key
env:
DCT_KEY_PATH: ${{ github.workspace }}/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key
run: |
rm "$DCT_KEY_PATH"
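Review bot: The new "Load DCT delegation key" step expands `${{ secrets.DCT_KEY_BASE64 }}` directly into the script text, whereas the step it replaces handed the secret to the shell through `env:`. Expression values are substituted before the shell runs, so the key material ends up in the generated script file and is parsed as shell source; keeping `DCT_KEY_BASE64: ${{ secrets.DCT_KEY_BASE64 }}` under `env:` and writing `echo "$DCT_KEY_BASE64" | base64 -d > "$DCT_KEY_PATH"` avoids both. The decoded key is also written under `${{ github.workspace }}`, which appears to be the build context of the following `docker build ... .` step, so unless a `.dockerignore` (not visible here) excludes `.docker/`, a broad `COPY` could carry the private key into the image; a path under `${{ runner.temp }}` would sidestep that if nothing else depends on the workspace location. Finally, the "Remove DCT delegation key" step has no `if: always()`, so a failure in build, sign or push leaves the key file on disk, which matters on self-hosted runners.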
