ci icon indicating copy to clipboard operation
ci copied to clipboard
verified publisher icon devcontainers

Set image digest in output

Open mmalyska opened this issue 1 year ago • 1 comments

I need to have pushed image digest so it can be signed with cosign. Example action step:

      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        # This step uses the identity token to provision an ephemeral certificate
        # against the sigstore community Fulcio instance.
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

mmalyska avatar Mar 27 '24 11:03 mmalyska

I don't see a way of getting this from docker buildx build, so the action or the CLI would have to extract the digest.

I suggest you do this in your build script by adding a unique tag with the imageTag input (which accepts a comma separated list in case you already use it) of the devcontainer action and using that tag to look up the digest from docker inspect.

chrmarti avatar Apr 02 '24 07:04 chrmarti