Modernize docker builds, add attestations

2026-01-01 22:20:52 +00:00 · 2024-04-18 01:46:49 +02:00
parent 120d084b12
commit 1c7523e98e
6 changed files with 35 additions and 14 deletions
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -30,9 +30,10 @@ jobs:
    - name: Build ${{ matrix.configuration }} Docker image from ${{ matrix.file }}
      uses: docker/build-push-action@v5.3.0
      with:
+        build-args: CONFIGURATION=${{ matrix.configuration }}
        context: .
        file: ${{ matrix.file }}
        platforms: ${{ env.PLATFORMS }}
-        build-args: |
-          CONFIGURATION=${{ matrix.configuration }}
-          STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+        provenance: true
+        sbom: true
+        secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
--- a/.github/workflows/docker-publish-latest.yml
+++ b/.github/workflows/docker-publish-latest.yml
@@ -64,7 +64,9 @@ jobs:
        context: .
        file: Dockerfile.Service
        platforms: ${{ env.PLATFORMS }}
-        build-args: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+        provenance: true
+        sbom: true
+        secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
        labels: |
          org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
          org.opencontainers.image.version=${{ env.FIXED_TAG }}
--- a/.github/workflows/docker-publish-main.yml
+++ b/.github/workflows/docker-publish-main.yml
@@ -63,7 +63,9 @@ jobs:
      with:
        context: .
        platforms: ${{ env.PLATFORMS }}
-        build-args: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+        provenance: true
+        sbom: true
+        secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
        labels: |
          org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
          org.opencontainers.image.version=${{ github.sha }}
--- a/.github/workflows/docker-publish-released.yml
+++ b/.github/workflows/docker-publish-released.yml
@@ -64,7 +64,9 @@ jobs:
      with:
        context: .
        platforms: ${{ env.PLATFORMS }}
-        build-args: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
+        provenance: true
+        sbom: true
+        secrets: STEAM_TOKEN_DUMPER_TOKEN=${{ secrets.STEAM_TOKEN_DUMPER_TOKEN }}
        labels: |
          org.opencontainers.image.created=${{ env.DATE_ISO8601 }}
          org.opencontainers.image.version=${{ env.FIXED_TAG }}