Alpine Mainline #196

Workflow file for this run

.github/workflows/alpine-mainline.yml at 5baae2a

	---
	name: Alpine Mainline
	on:
	schedule:
	- cron: "0 0 * * 1"
	workflow_dispatch:
	jobs:
	version:
	name: Fetch NGINX mainline version
	runs-on: ubuntu-22.04
	outputs:
	major: ${{ steps.nginx_version.outputs.major }}
	minor: ${{ steps.nginx_version.outputs.minor }}
	patch: ${{ steps.nginx_version.outputs.patch }}
	distro: ${{ steps.distro_version.outputs.release }}
	steps:
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{ secrets.AWS_REGION }}
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	- name: Cleanup AWS ECR
	run: \|
	REPOSITORY_NAME=nginx-unprivileged
	BATCH_DELETE_SIZE=100
	function batch_delete {
	while read -r batch; do
	if [ -z "${batch}" ]; then
	break
	fi

	echo "Deleting ${batch}"
	aws ecr-public batch-delete-image \
	--repository-name "${REPOSITORY_NAME}" \
	--image-ids ${batch}

	done < <(xargs -L ${BATCH_DELETE_SIZE} <<<"$1")
	}
	IMAGE_DIGESTS=$(aws ecr-public describe-images \
	--repository-name "${REPOSITORY_NAME}" \
	--query 'imageDetails[?!imageTags && (contains(imageManifestMediaType, `manifest.list.v2`) \|\| contains(imageManifestMediaType, `image.index.v1`))].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
	--output text)
	batch_delete "${IMAGE_DIGESTS}"
	IMAGE_DIGESTS=$(aws ecr-public describe-images \
	--repository-name "${REPOSITORY_NAME}" \
	--query 'imageDetails[?!imageTags].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
	--output text)
	batch_delete "${IMAGE_DIGESTS}"


	# REPOSITORY_NAME=nginx-unprivileged

	# IMAGE_DIGESTS=$(aws ecr-public describe-images \
	# --max-items 100 \
	# --repository-name $REPOSITORY_NAME \
	# --query 'imageDetails[?!imageTags && (contains(imageManifestMediaType, `manifest.list.v2`) \|\| contains(imageManifestMediaType, `image.index.v1`))].{imageDigest: join(`=`, [`imageDigest`, imageDigest])}' \
	# \| jq -r '.[]' \| join(" "))

	# # IMAGES=$(aws ecr-public describe-images \
	# # --repository-name $REPOSITORY_NAME \
	# # --region us-east-1 --max-items 100 \| jq -r .imageDetails)

	# # UNTAGGED_IMAGES=$(jq -r 'map(select(has("imageTags") \| not))' <<< $IMAGES)

	# # IMAGE_DIGESTS=$(jq -r '[.[] \| "imageDigest=\(.imageDigest)"] \| join(" ")' <<< $UNTAGGED_IMAGES)

	# aws ecr-public batch-delete-image \
	# --repository-name $REPOSITORY_NAME \
	# --image-ids $IMAGE_DIGESTS
	# # env:
	# aws-region: ${{ secrets.AWS_REGION }}
	# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Check out the codebase
	uses: actions/checkout@v4

	- name: Parse NGINX mainline version
	id: nginx_version
	run: \|
	echo "major=$(cat update.sh \| grep -m1 '\[mainline\]=' \| cut -d"'" -f2 \| cut -d"." -f1)" >> "$GITHUB_OUTPUT"
	echo "minor=$(cat update.sh \| grep -m1 '\[mainline\]=' \| cut -d"'" -f2 \| cut -d"." -f2)" >> "$GITHUB_OUTPUT"
	echo "patch=$(cat update.sh \| grep -m1 '\[mainline\]=' \| cut -d"'" -f2 \| cut -d"." -f3)" >> "$GITHUB_OUTPUT"

	- name: Parse Alpine version
	id: distro_version
	run: \|
	echo "release=$(cat update.sh \| grep -m5 '\[mainline\]=' \| tail -n1 \| cut -d"'" -f2)" >> "$GITHUB_OUTPUT"

	core:
	name: Build Alpine NGINX mainline Docker image
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	needs: [version, slim]
	steps:
	- name: Check out the codebase
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{ secrets.AWS_REGION }}
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Login to Amazon ECR
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to Quay
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	public.ecr.aws/nginx/nginx-unprivileged
	docker.io/nginxinc/nginx-unprivileged
	ghcr.io/nginxinc/nginx-unprivileged
	quay.io/nginx/nginx-unprivileged
	tags: \|
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}
	type=raw,value=${{ needs.version.outputs.major }}-alpine
	type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}
	type=raw,value=mainline-alpine
	type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}
	type=raw,value=alpine
	type=raw,value=alpine${{ needs.version.outputs.distro }}

	- name: Build and push NGINX mainline Alpine image to Amazon ECR, Docker Hub, and GitHub Container Registry
	id: build
	uses: docker/build-push-action@v5
	with:
	platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x
	context: "{{ defaultContext }}:mainline/alpine"
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	push: true
	# cache-from: type=gha,scope=debian-perl
	# cache-to: type=gha,mode=min,scope=debian-perl

	- name: Sign Docker Hub Manifest
	run: \|
	set -ex
	sudo apt update
	sudo apt install -y notary
	mkdir -p ~/.docker/trust/private
	echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx
	DIGEST=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".digest' \| cut -d ':' -f2)
	SIZE=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".size')
	export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" \| base64 -w0)
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }} $SIZE --sha256 $DIGEST --publish --verbose
	env:
	DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
	DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }}
	DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
	NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

	perl:
	name: Build Alpine NGINX mainline perl Docker image
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	needs: [version, core]
	steps:
	- name: Check out the codebase
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{ secrets.AWS_REGION }}
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Login to Amazon ECR
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to Quay
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	public.ecr.aws/nginx/nginx-unprivileged
	docker.io/nginxinc/nginx-unprivileged
	ghcr.io/nginxinc/nginx-unprivileged
	quay.io/nginx/nginx-unprivileged
	tags: \|
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl
	type=raw,value=${{ needs.version.outputs.major }}-alpine-perl
	type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl
	type=raw,value=mainline-alpine-perl
	type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-perl
	type=raw,value=alpine-perl
	type=raw,value=alpine${{ needs.version.outputs.distro }}-perl

	- name: Build and push NGINX mainline perl Alpine image to Amazon ECR, Docker Hub, and GitHub Container Registry
	id: build
	uses: docker/build-push-action@v5
	with:
	platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x
	context: "{{ defaultContext }}:mainline/alpine-perl"
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	push: true
	# cache-from: type=gha,scope=alpine-perl
	# cache-to: type=gha,mode=min,scope=alpine-perl

	- name: Sign Docker Hub Manifest
	run: \|
	set -ex
	sudo apt update
	sudo apt install -y notary
	mkdir -p ~/.docker/trust/private
	echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx
	DIGEST=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".digest' \| cut -d ':' -f2)
	SIZE=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".size')
	export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" \| base64 -w0)
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-perl $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-perl $SIZE --sha256 $DIGEST --publish --verbose
	env:
	DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
	DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }}
	DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
	NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

	slim:
	name: Build Alpine NGINX mainline slim Docker image
	runs-on: ubuntu-22.04
	strategy:
	fail-fast: false
	needs: version
	steps:
	- name: Check out the codebase
	uses: actions/checkout@v4

	- name: Set up QEMU
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{ secrets.AWS_REGION }}
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Login to Amazon ECR
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Login to Quay
	uses: docker/login-action@v3
	with:
	registry: quay.io
	username: ${{ secrets.QUAY_USERNAME }}
	password: ${{ secrets.QUAY_TOKEN }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: \|
	public.ecr.aws/nginx/nginx-unprivileged
	docker.io/nginxinc/nginx-unprivileged
	ghcr.io/nginxinc/nginx-unprivileged
	quay.io/nginx/nginx-unprivileged
	tags: \|
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim
	type=raw,value=${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim
	type=raw,value=${{ needs.version.outputs.major }}-alpine-slim
	type=raw,value=${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim
	type=raw,value=mainline-alpine-slim
	type=raw,value=mainline-alpine${{ needs.version.outputs.distro }}-slim
	type=raw,value=alpine-slim
	type=raw,value=alpine${{ needs.version.outputs.distro }}-slim

	- name: Build and push NGINX mainline slim Alpine image to Amazon ECR, Docker Hub and GitHub Container Registry
	id: build
	uses: docker/build-push-action@v5
	with:
	platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64, linux/386, linux/ppc64le, linux/s390x
	context: "{{ defaultContext }}:mainline/alpine-slim"
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	push: true
	# cache-from: type=gha,scope=alpine-slim
	# cache-to: type=gha,mode=min,scope=alpine-slim

	- name: Sign Docker Hub Manifest
	run: \|
	set -ex
	sudo apt update
	sudo apt install -y notary
	mkdir -p ~/.docker/trust/private
	echo "$DOCKER_CONTENT_TRUST_REPOSITORY_KEY" > ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	chmod 0400 ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key
	docker trust key load ~/.docker/trust/private/$DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID.key --name nginx
	DIGEST=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".digest' \| cut -d ':' -f2)
	SIZE=$(printf '${{ steps.build.outputs.metadata }}' \| jq -r '."containerimage.descriptor".size')
	export NOTARY_AUTH=$(printf "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" \| base64 -w0)
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}.${{ needs.version.outputs.patch }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged ${{ needs.version.outputs.major }}-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged mainline-alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine-slim $SIZE --sha256 $DIGEST --publish --verbose
	notary -d ~/.docker/trust/ -s https://notary.docker.io addhash docker.io/nginxinc/nginx-unprivileged alpine${{ needs.version.outputs.distro }}-slim $SIZE --sha256 $DIGEST --publish --verbose
	env:
	DOCKER_CONTENT_TRUST_REPOSITORY_KEY: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY }}
	DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_KEY_ID }}
	DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
	NOTARY_TARGETS_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Alpine Mainline #196

Workflow file

Alpine Mainline #196

Jobs

Run details

Workflow file for this run