Update docker-publish-rootless-arm.yaml

2025-12-30 17:47:24 +01:00 · 2024-10-12 17:49:43 +01:00
parent f26b5e1190
commit d45c8b2b2d
1 changed files with 13 additions and 20 deletions
--- a/.github/workflows/docker-publish-rootless-arm.yaml
+++ b/.github/workflows/docker-publish-rootless-arm.yaml
@@ -37,26 +37,22 @@ jobs:
    permissions:
      contents: read
      packages: write
-      # This is used to complete the identity challenge
-      # with sigstore/fulcio when running outside of PRs.
      attestations: write
      id-token: write

    steps:
+      # Step 1: Checkout repository
      - name: Checkout repository
        uses: actions/checkout@v4

-      # Set up BuildKit Docker container builder to be able to build
-      # multi-platform images and export cache
-      # https://github.com/docker/setup-buildx-action
+      # Step 2: Set up Buildx without specifying driver
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.0.0
        with:
          install: true  # Ensure Buildx is installed and set up properly
          use: true      # Use Buildx instance directly for this job

-      # Login against a Docker registry except on PR
-      # https://github.com/docker/login-action
+      # Step 3: Login to Docker registry except on PR
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3.0.0
@@ -65,8 +61,7 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      # Extract metadata (tags, labels) for Docker
-      # https://github.com/docker/metadata-action
+      # Step 4: Extract metadata for Docker images
      - name: Extract Docker metadata
        id: metadata
        uses: docker/metadata-action@v5.0.0
@@ -81,9 +76,8 @@ jobs:
            type=schedule,pattern=nightly
          flavor: |
            suffix=-rootless-arm,onlatest=true
-  
-      # Build and push Docker image with Buildx (don't push on PR)
-      # https://github.com/docker/build-push-action
+
+      # Step 5: Build and push the Docker image
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v5.0.0
@@ -92,15 +86,14 @@ jobs:
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.metadata.outputs.tags }}
          labels: ${{ steps.metadata.outputs.labels }}
-          platforms: linux/arm64,linux/arm/v7  # Build for both ARM64 and ARMv7 architectures
-          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache  # Use registry-based caching for better cross-platform support
-          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:cache  # Store the cache in the registry for faster builds
+          platforms: linux/arm64,linux/arm/v7
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
          build-args: |
-            VERSION=${{ github.ref_name }}  # Pass version as a build argument
-            COMMIT=${{ github.sha }}  # Pass commit SHA as a build argument
+            VERSION=${{ github.ref_name }}
+            COMMIT=${{ github.sha }}

-      # Attest the built image to prove build provenance
-      # https://github.com/actions/attest-build-provenance
+      # Step 6: Attest built image to prove build provenance
      - name: Attest
        uses: actions/attest-build-provenance@v1
        id: attest
@@ -108,4 +101,4 @@ jobs:
        with:
          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.build-and-push.outputs.digest }}
-          push-to-registry: true  # Push the attestation to the registry
+          push-to-registry: true