Skip to content

Commit 5c62e8a

Browse files
thomasleplusthomasleplus
committed
Update dockerhub.yml
1 parent c198996 commit 5c62e8a

File tree

1 file changed

+9
-8
lines changed

1 file changed

+9
-8
lines changed

.github/workflows/dockerhub.yml

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ name: Docker Hub
33

44
on:
55
push:
6-
pull_request:
76
schedule:
87
- cron: "0 0 * * 0"
98
workflow_dispatch:
@@ -12,24 +11,26 @@ permissions: {}
1211

1312
jobs:
1413
pull:
14+
if: startsWith(github.ref, 'refs/heads/')
15+
runs-on: ubuntu-latest
1516
strategy:
1617
matrix:
1718
platform: ["linux/amd64", "linux/arm64"]
18-
runs-on: ubuntu-latest
19+
tag: ["main", "latest"]
1920
steps:
2021
- name: Set REPOSITORY
2122
shell: bash
2223
run: echo "REPOSITORY=${GITHUB_REPOSITORY#*/}" >> "${GITHUB_ENV}"
2324
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
24-
- name: Pull the latest ${{ matrix.platform }} image
25+
- name: Pull the ${{ matrix.tag }} ${{ matrix.platform }} image
2526
shell: bash
26-
run: docker pull --platform "${{ matrix.platform }}" "${GITHUB_REPOSITORY_OWNER}/${REPOSITORY}"
27-
- name: Pull the latest ${{ matrix.platform }} image SBOM
27+
run: docker pull --platform "${{ matrix.platform }}" "${GITHUB_REPOSITORY_OWNER}/${REPOSITORY}:${{ matrix.tag }}"
28+
- name: Pull the ${{ matrix.tag }} ${{ matrix.platform }} image SBOM
2829
shell: bash
29-
run: docker buildx imagetools inspect "${GITHUB_REPOSITORY_OWNER}/${REPOSITORY}" --format "{{ json (index .SBOM \"${{ matrix.platform }}\").SPDX }}"
30+
run: docker buildx imagetools inspect "${GITHUB_REPOSITORY_OWNER}/${REPOSITORY}:${{ matrix.tag }}" --format "{{ json (index .SBOM \"${{ matrix.platform }}\").SPDX }}"
3031
- name: Install cosign
3132
uses: sigstore/cosign-installer@d7d6bc7722e3daa8354c50bcb52f4837da5e9b6a # v3.8.1
32-
- name: Verify the Docker image signature
33+
- name: Verify the ${{ matrix.tag }} image signature
3334
shell: bash
3435
run: |
35-
cosign verify "${GITHUB_REPOSITORY_OWNER}/${REPOSITORY}" --certificate-identity-regexp "https://github\.com/${GITHUB_REPOSITORY}/\.github/workflows/.+" --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'
36+
cosign verify "${GITHUB_REPOSITORY_OWNER}/${REPOSITORY}:${{ matrix.tag }}" --certificate-identity-regexp "https://github\.com/${GITHUB_REPOSITORY}/\.github/workflows/.+" --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'

0 commit comments

Comments
 (0)