diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index a0c6534..e057bae 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -11,6 +11,10 @@ on:
 branches:
 - main
 
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
 jobs:
 test:
 runs-on: ubuntu-latest
@@ -75,6 +79,37 @@ jobs:
 run: |
 make cli GOOS=${{ matrix.os }} GOARCH=${{ matrix.arch }}
 
+ - name: Log in to the container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.DOCKER_REGISTRY_USER }}
+ password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
+ if: ${{ matrix.os == 'linux' && matrix.arch == 'amd64' }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ if: ${{ matrix.os == 'linux' && matrix.arch == 'amd64' }}
+
+ - name: Build and push image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ sbom: true
+ tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.TAG_NAME }}
+ if: ${{ matrix.os == 'linux' && matrix.arch == 'amd64' }}
+
+ - name: Generate SBOM
+ uses: anchore/sbom-action@v0
+ env:
+ SBOM_NAME: sbom-${{ matrix.os }}-${{ matrix.arch }}.json
+ with:
+ path: ./bin/
+ format: spdx-json
+ artifact-name: ${{ env.SBOM_NAME }}
+ output-file: ./bin/${{ env.SBOM_NAME }}
+
 - name: Prepare upload
 run: |
 mkdir -p metal/${TARGET_BINARY_LOCATION}
@@ -87,4 +122,5 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 files: |
 bin/metal-*
+ bin/sbom-*.json
 if: ${{ github.event_name == 'release' }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..ec358d9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,4 @@
+FROM alpine:3.22
+LABEL maintainer="metal-stack authors "
+COPY bin/metalctlv2-linux-amd64 /metalctl
+ENTRYPOINT ["/metalctl"]
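Review bot: In the `@@ -75,6 +79,37 @@` hunk of docker.yaml, the three `docker/*` actions and `anchore/sbom-action@v0` are referenced by mutable tags while the job holds `secrets.DOCKER_REGISTRY_TOKEN` and pushes a published image, so a retagged action release would run with registry write access; pinning each `uses:` to a full commit SHA, with the version in a trailing comment, closes that. The login step and `push: true` are gated only on `matrix.os`/`matrix.arch`, whereas the release upload further down is gated on `github.event_name == 'release'`, which suggests the job also runs on other events; if pull requests are among them, consider `push: ${{ github.event_name != 'pull_request' }}` and the same condition on the login step. `env.TAG_NAME` used in `tags:` is not defined by the `env:` block this commit adds, so it presumably comes from a step outside the hunk; it is worth confirming that it is non-empty on every event that reaches this step. For ghcr.io, `secrets.GITHUB_TOKEN` together with `permissions: packages: write` on the job would avoid storing a long-lived registry token.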
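Review bot: The new Dockerfile has no `USER` instruction, so `/metalctl` runs as root inside the container; adding an unprivileged user before the `ENTRYPOINT`, e.g. `RUN adduser -D metal` followed by `USER metal`, would fix that unless the CLI needs root for something not visible here. `FROM alpine:3.22` is a moving tag, so pinning it by digest (`FROM alpine:3.22@sha256:<digest of the reviewed image>`) would make the pushed image reproducible and tie the generated SBOM to a known base. The `maintainer` label value ends in a trailing space, which suggests a contact address was dropped; `LABEL org.opencontainers.image.authors=...` is also the current form of this label.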