fix: split variant builds to their own registry (#11)

ublue-os · Mar 2, 2023 · 17da43c · 17da43c
1 parent 4fbe168
commit 17da43c
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 20 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,5 +9,3 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-
-
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -89,18 +89,20 @@ jobs:
               echo "${TAG}"
           done
           echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
- 
+
       # Build metadata
       - name: Image Metadata
         uses: docker/metadata-action@v4
         id: meta
         with:
           images: |
-            ${{ env.IMAGE_NAME }}
+            ${{ format('{0}-main', matrix.image_name) }}
           labels: |
-            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/base/main/README.md
+            org.opencontainers.image.title=${{ format('{0}-main', matrix.image_name) }}
+            org.opencontainers.image.description=A base ${{ matrix.image_name }} image with batteries included
+            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/main/main/README.md
             io.artifacthub.package.logo-url=https://avatars.githubusercontent.com/u/120078124?s=200&v=4
-      
+
       # Build image using Buildah action
       - name: Build Image
         id: build_image
@@ -142,20 +144,6 @@ jobs:
           extra-args: |
             --disable-content-trust
 
-      # Sign container
-      - uses: sigstore/cosign-installer@v3.0.1
-        if: github.event_name != 'pull_request'
-
-      # Only needed when running `cosign sign` using a key
-      - name: Write signing key to disk
-        if: github.event_name != 'pull_request'
-        run: |
-          echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key
-          # DEBUG: get character count of key
-          wc -c cosign.key
-        env:
-          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
-
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
         if: github.event_name != 'pull_request'
@@ -164,13 +152,20 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      # Sign container
+      - uses: sigstore/cosign-installer@v3.0.1
+        if: github.event_name != 'pull_request'
+
       - name: Sign container image
         if: github.event_name != 'pull_request'
         run: |
+          echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key
+          wc -c cosign.key
           cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
         env:
           TAGS: ${{ steps.push.outputs.digest }}
           COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
 
       - name: Echo outputs
         if: github.event_name != 'pull_request'