add(action): allow to sign and push multiple tags
vitalyu committed Mar 16, 2023
1 parent 59b633d commit 6688de8
Showing 3 changed files with 17 additions and 13 deletions.
16 changes: 9 additions & 7 deletions action.sh
@@ -4,9 +4,9 @@ set -euo pipefail

function usage_info() {
echo
echo "Usage: ./$(basename "${0}") <image-ref> <signer-key-id> <signer-key> <repository-passphrase>"
echo "Usage: ./$(basename "${0}") <tags> <signer-key-id> <signer-key> <repository-passphrase>"
echo
echo " <image-ref> - image reference, example: dodoreg.azurecr.io/site-gateway:latest"
echo " <tags> - image tags separated by comma, example: example.azurecr.io/app:latest"
echo " <signer-key-id> - signer key id (hash), example: 1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
echo " <signer-key> - signer key file path, example: ./1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef.key"
echo " <repository-passphrase> - passphrase for repository key"
@@ -16,7 +16,7 @@ function usage_info() {

[ $# -lt 4 ] && usage_info

image_ref="${1}"
tags="${1}"
signer_key_id="${2}"
signer_key="${3}"
repository_passphrase="${4}"
@@ -34,10 +34,12 @@ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="${repository_passphrase}"
echo "[~] Load signing key"
docker trust key load "${private_key_path}"

echo "[~] Sign image"
docker trust sign "${image_ref}"
for tag in ${tags//,/ }; do
echo "[~] Sign and push image ${tag}"
docker trust sign "${tag}"

echo "[~] Inspect image"
docker trust inspect --pretty "${image_ref}"
echo "[~] Inspect image ${tag}"
docker trust inspect --pretty "${tag}"
done

echo "[.] Done"
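Review bot: The loop header `for tag in ${tags//,/ }` expands unquoted, so every piece is also subject to pathname expansion, and an empty or comma-only `tags` value runs zero iterations and still reaches `[.] Done` with nothing signed. For a signing step that silent success is the gap worth closing: split into an array and fail when it is empty, e.g. `IFS=$', \n' read -r -d '' -a tag_list <<< "${tags}" || true` followed by `[ "${#tag_list[@]}" -gt 0 ] || { echo "[!] No tags to sign" >&2; exit 1; }`, then iterate over `"${tag_list[@]}"`. Because `set -euo pipefail` is active, a failure on a later tag stops the run after earlier tags were already signed (and, per the log message, pushed); a comment above the loop should state that partial result.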
6 changes: 3 additions & 3 deletions action.yml
@@ -5,8 +5,8 @@ branding:
icon: "award"
color: "green"
inputs:
image-ref:
description: "imagename:tag"
tags:
description: "image tags separated by comma, example: example.azurecr.io/app:latest"
required: true
signer-key-id:
description: "signer key id (hash)"
@@ -24,7 +24,7 @@ runs:
shell: bash
- run: |
${{github.action_path}}/action.sh \
"${{ inputs.image-ref }}" \
"${{ inputs.tags }}" \
"${{ inputs.signer-key-id }}" \
"${{ inputs.signer-key-id }}.key" \
"${{ inputs.repository-passphrase }}"
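Review bot: The new argument `"${{ inputs.tags }}"` is substituted into the `run:` script text before bash parses it, so a value containing a double quote or a command substitution is interpreted as shell instead of being passed as data. The same holds for the other three arguments of this step, including the repository passphrase. Pass the inputs through the step environment instead: add `env:` with `TAGS: ${{ inputs.tags }}` to the step and call the script with `"${TAGS}"`, and likewise for the remaining inputs. The end of this step lies outside the hunk, so the exact placement of `env:` is inferred.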
8 changes: 5 additions & 3 deletions docs/action_usage.md
@@ -17,7 +17,9 @@ jobs:
Build/Sign/Release:
runs-on: ubuntu-latest
env:
image-ref: example.azurecr.io/nginx:latest
tags: >
example.azurecr.io/nginx:dev,
example.azurecr.io/nginx:stage
steps:
// Checkout repo
- uses: actions/checkout@v3
@@ -33,12 +35,12 @@ jobs:
// Build Dockerfile
- uses: docker/build-push-action@v4
with:
tags: ${{ env.image-ref }}
tags: ${{ env.tags }}

// Sign and Push to registry
- uses: dodopizza/acr-sign-push-action@main
with:
image-ref: ${{ env.image-ref }}
tags: ${{ env.tags }}
signer-key-id: ${{ secrets.signer_key_id }}
signer-key: ${{ secrets.signer_key_content_base64 }}
repository-passphrase: ${{ secrets.repository_passphrase }}