-
Notifications
You must be signed in to change notification settings - Fork 4
35 lines (32 loc) · 1.27 KB
/
dockerhub.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
---
name: Docker Hub
on:
push:
pull_request:
schedule:
- cron: "0 0 * * 0"
workflow_dispatch:
permissions: {}
jobs:
pull:
strategy:
matrix:
platform: ["linux/amd64", "linux/arm64"]
runs-on: ubuntu-latest
steps:
- name: Set IMAGE
shell: bash
run: echo "IMAGE=${GITHUB_REPOSITORY#*/docker-}" >> "${GITHUB_ENV}"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Pull the latest ${{ matrix.platform }} image
shell: bash
run: docker pull --platform "${{ matrix.platform }}" "${GITHUB_REPOSITORY_OWNER}/${IMAGE}"
- name: Pull the latest ${{ matrix.platform }} image SBOM
shell: bash
run: docker buildx imagetools inspect "${GITHUB_REPOSITORY_OWNER}/${IMAGE}" --format "{{ json (index .SBOM \"${{ matrix.platform }}\").SPDX }}"
- name: Install cosign
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
- name: Verify the Docker image signature
shell: bash
run: |
cosign verify "${GITHUB_REPOSITORY_OWNER}/${IMAGE}" --certificate-identity-regexp "https://github\.com/${GITHUB_REPOSITORY}/\.github/workflows/.+" --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'