diff --git a/.github/actions/publish/action.yml b/.github/actions/publish/action.yml index f2a0d53e..e133693e 100644 --- a/.github/actions/publish/action.yml +++ b/.github/actions/publish/action.yml @@ -15,12 +15,9 @@ outputs: hashes: description: sha256sum hashes of built artifacts value: ${{ steps.binary.outputs.hashes }} - image: - description: built docker image names - value: ${{ steps.image.outputs.name }} - digest: - description: built docker image digests - value: ${{ steps.image.outputs.digest }} + images_and_digests: + description: built docker image names and digests in JSON format + value: ${{ steps.image.outputs.images_and_digests }} runs: using: composite @@ -57,19 +54,15 @@ runs: checksum_file=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Checksum") | .path') echo "hashes=$(cat $checksum_file | base64 -w0)" >> "$GITHUB_OUTPUT" - - name: Image digest - id: image + - name: Output image and digest + id: image shell: bash env: ARTIFACTS: "${{ steps.goreleaser.outputs.artifacts }}" run: | # Generate image digest set -euo pipefail - image_and_digest=$(echo "$ARTIFACTS" | jq -r '.[] | select (.type=="Docker Manifest") | .path') - image=$(echo "${image_and_digest}" | cut -d'@' -f1 | cut -d':' -f1) - digest=$(echo "${image_and_digest}" | cut -d'@' -f2) - { echo 'name<> "$GITHUB_OUTPUT" - { echo 'digest<> "$GITHUB_OUTPUT" + echo "images_and_digests=$(echo "$ARTIFACTS" | jq -c '. | map(select (.type=="Docker Manifest") | .image=(.path | split(":")[0]) | .digest=(.extra | .Digest) | {image, digest})')" >> "$GITHUB_OUTPUT" - name: Upload Release Artifacts shell: bash diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml index c715731f..5db84831 100644 --- a/.github/workflows/manual-publish.yml +++ b/.github/workflows/manual-publish.yml 
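Review bot: In the rewritten `Output image and digest` step the jq call runs inside `echo "images_and_digests=$(…)"`, so `set -euo pipefail` never sees a jq failure: echo still exits 0 and an empty value is written to `$GITHUB_OUTPUT` for the provenance job to consume. Assign first, `images_and_digests=$(echo "$ARTIFACTS" | jq -c '…')`, then `echo "images_and_digests=${images_and_digests}" >> "$GITHUB_OUTPUT"`, so that a parse error aborts the step. The filter also accepts an empty list and whatever `.extra.Digest` holds, including null when the field is absent. Since these values decide what gets attested, jq should raise `error(...)` unless the list is non-empty and every `digest` is a string of the form `sha256:<64 hex>`. Separately, `split(":")[0]` cuts at the first colon, which would truncate an image path whose registry host carries a port, and the leftover `# Generate image digest` comment no longer describes the line.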
@@ -24,8 +24,7 @@ jobs: contents: write # Needed to upload release artifacts outputs: hashes: ${{ steps.publish.outputs.hashes }} - image: ${{ steps.publish.outputs.image }} - digest: ${{ steps.publish.outputs.digest }} + images_and_digests: ${{ steps.publish.outputs.images_and_digests }} steps: - uses: actions/checkout@v4 with: @@ -70,9 +69,11 @@ jobs: id-token: write packages: write uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 + strategy: + matrix: ${{fromJson(needs.build-publish.outputs.images_and_digests)}} with: - image: ${{ needs.build-publish.outputs.image }} - digest: ${{ needs.build-publish.outputs.digest }} + image: ${{ matrix.image }} + digest: ${{ matrix.digest }} registry-username: ${{ github.actor }} secrets: registry-password: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 66e04812..1ce2b304 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -26,8 +26,7 @@ jobs: contents: write # Needed to upload release artifacts outputs: hashes: ${{ steps.publish.outputs.hashes }} - image: ${{ steps.publish.outputs.image }} - digest: ${{ steps.publish.outputs.digest }} + images_and_digests: ${{ steps.publish.outputs.images_and_digests }} needs: [ release-please, go-versions ] if: ${{ needs.release-please.outputs.release_created == 'true' }} runs-on: ubuntu-latest @@ -76,9 +75,11 @@ jobs: id-token: write packages: write uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 + strategy: + matrix: ${{fromJson(needs.release-relay.outputs.images_and_digests)}} with: - image: ${{ needs.release-relay.outputs.image }} - digest: ${{ needs.release-relay.outputs.digest }} + image: ${{ matrix.image }} + digest: ${{ matrix.digest }} registry-username: ${{ github.actor }} secrets: registry-password: ${{ secrets.GITHUB_TOKEN }}
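Review bot: The new `strategy.matrix` in the provenance job is fed the bare JSON array from the publish action, but as far as I know `matrix` has to evaluate to a mapping, so `matrix.image` and `matrix.digest` may never be populated. Wrapping the list as `include: ${{ fromJson(needs.build-publish.outputs.images_and_digests) }}` under `matrix:` keeps the same references working. With several images, the default fail-fast behaviour also cancels the sibling provenance jobs when one fails, which would leave images (presumably already pushed by the build job) without an attestation; `fail-fast: false` under `strategy:` avoids that. If a release without provenance should be a hard failure, an empty or malformed `images_and_digests` output deserves an explicit check before this job. The same points apply to the matrix added for `needs.release-relay` in `release-please.yml`.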