From e822aa733acdb953cbf2729022620b268430d7ac Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 17:20:47 +0100 Subject: [PATCH 01/12] separate steps with empty lines for mcedit and readability --- .../workflows/build_latest_release_multi.yml | 19 +++++++++++++++++++ .github/workflows/build_master.yml | 12 ++++++++++++ .github/workflows/build_master_dev.yml | 15 +++++++++++++++ .github/workflows/build_master_multi.yml | 12 ++++++++++++ 4 files changed, 58 insertions(+) diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index d93ab84..38ae6eb 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -24,6 +24,7 @@ jobs: username: '${{ github.actor }}' password: '${{ secrets.GITHUB_TOKEN }}' registry: 'ghcr.io/${{ github.repository_owner }}' + - name: 'login docker hub' env: DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' @@ -31,6 +32,7 @@ jobs: run: | echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' env: QUAY_USER: '${{ secrets.QUAY_USER }}' @@ -38,6 +40,7 @@ jobs: run: | echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list @@ -45,10 +48,12 @@ jobs: sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false tag_name: ${{ github.ref }} + - name: 'set env vars' run: | release_tag_redirect=$(curl -s https://github.com/curl/curl/releases/latest -w'%{redirect_url}\n' -o /dev/null) 
@@ -57,22 +62,29 @@ jobs: rel=${latest_release_ref:5} release_image_tag="${rel//_/.}" echo "REL=$release_image_tag" >> "$GITHUB_ENV" + - name: 'build multi image' run: buildah unshare make branch_or_ref="$TAG_REF" release_tag="$REL" multibuild + - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag="$REL" test + - name: 'install scan prereqs' run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl-multi:"$REL" scan + - name: 'push images to github registry' run: | buildah manifest push --format v2s2 --all curl-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-multi:"$REL" buildah manifest push --format v2s2 --all curl-base-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-base-multi:"$REL" + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + - name: 'sign images with sigstore key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' 
@@ -80,16 +92,19 @@ jobs: run: | echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-multi:"$REL" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-base-multi:"$REL" + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:"$REL" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:"$REL" + - name: 'push release to docker hub' run: | buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://docker.io/curlimages/curl:"$REL" buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://docker.io/curlimages/curl:latest buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://docker.io/curlimages/curl-base:"$REL" buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://docker.io/curlimages/curl-base:latest + - name: 'sign images with a sigstore key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' 
@@ -99,18 +114,21 @@ jobs: echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin docker.io/curlimages/curl:latest echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin docker.io/curlimages/curl-base:"$REL" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin docker.io/curlimages/curl-base:latest + - name: 'verify image with public key' run: | cosign verify --key cosign.pub docker.io/curlimages/curl:"$REL" cosign verify --key cosign.pub docker.io/curlimages/curl:latest cosign verify --key cosign.pub docker.io/curlimages/curl-base:"$REL" cosign verify --key cosign.pub docker.io/curlimages/curl-base:latest + - name: 'push release to quay.io' run: | buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://quay.io/curl/curl:"$REL" buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://quay.io/curl/curl:latest buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://quay.io/curl/curl-base:"$REL" buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://quay.io/curl/curl-base:latest + - name: 'sign images with a sigstore key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' @@ -120,6 +138,7 @@ jobs: echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin quay.io/curl/curl:latest echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin quay.io/curl/curl-base:"$REL" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin quay.io/curl/curl-base:latest + - name: 'verify image with public key' run: | cosign verify --key cosign.pub quay.io/curl/curl:"$REL" diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 7a513a6..6d10fbb 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml 
@@ -27,6 +27,7 @@ jobs: username: '${{ github.actor }}' password: '${{ secrets.GITHUB_TOKEN }}' registry: 'ghcr.io/${{ github.repository_owner }}' + - name: 'login docker hub' env: DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' @@ -34,6 +35,7 @@ jobs: run: | echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' env: QUAY_USER: '${{ secrets.QUAY_USER }}' @@ -41,6 +43,7 @@ jobs: run: | echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list 
@@ -48,27 +51,35 @@ jobs: sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false ref: 'main' + - name: 'build master images' run: buildah unshare make branch_or_ref=master release_tag=master build_ref_images + - name: 'test image' run: buildah unshare make dist_name=localhost/curl release_tag=master test + - name: 'install scan prereqs' run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl:master scan + - name: 'push images to github registry' run: | buildah push curl-dev:master "docker://ghcr.io/curl/curl-container/curl-dev:master" buildah push curl-base:master "docker://ghcr.io/curl/curl-container/curl-base:master" buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master" + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + - name: 'sign image with a key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' @@ -77,6 +88,7 @@ jobs: echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-dev:master echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-base:master echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl:master + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev:master diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 69bccd8..6869d91 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml 
@@ -35,6 +35,7 @@ jobs: run: | echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' env: QUAY_USER: '${{ secrets.QUAY_USER }}' @@ -42,6 +43,7 @@ jobs: run: | echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list 
@@ -49,47 +51,60 @@ jobs: sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false ref: 'main' + - name: 'build debian dev image' run: buildah unshare make branch_or_ref=master release_tag=master build_debian + - name: 'install scan prereqs' run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl-dev-debian:master scan + - name: 'push images to github registry' run: | buildah push curl-dev-debian:master "docker://ghcr.io/curl/curl-container/curl-dev-debian:master" + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + - name: 'sign image with a key' env: COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-dev-debian:master + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev-debian:master + - name: 'build fedora dev image' run: buildah unshare make branch_or_ref=master release_tag=master build_fedora + - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl-dev-fedora:master scan + - name: 'push images to github registry' run: | buildah push curl-dev-fedora:master "docker://ghcr.io/curl/curl-container/curl-dev-fedora:master" + - name: 'sign image with a key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-dev-fedora:master + - name: 
'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev-fedora:master diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index e8439da..38227b6 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -27,6 +27,7 @@ jobs: username: '${{ github.actor }}' password: '${{ secrets.GITHUB_TOKEN }}' registry: 'ghcr.io/${{ github.repository_owner }}' + - name: 'login docker hub' env: DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' @@ -34,6 +35,7 @@ jobs: run: | echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'login quay.io' env: QUAY_USER: '${{ secrets.QUAY_USER }}' @@ -41,6 +43,7 @@ jobs: run: | echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list 
@@ -48,26 +51,34 @@ jobs: sudo rm -f /var/lib/man-db/auto-update sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false ref: 'main' + - name: 'build multi image' run: buildah unshare make branch_or_ref=master release_tag=master multibuild + - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test + - name: 'install scan prereqs' run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl-multi:master scan + - name: 'push multi images to github registry' run: | buildah manifest push --all --format v2s2 localhost/curl-base-multi:master "docker://ghcr.io/curl/curl-container/curl-base-multi:master" buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" + - name: 'install Cosign' uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 + - name: 'sign image with a key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' @@ -75,6 +86,7 @@ jobs: run: | echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-multi:master echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-base-multi:master + - name: 'verify image with public key' run: | cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:master From 8b16418c5f900ced0e7dedd877cf63469e75cbd8 Mon Sep 17 00:00:00 2001 
From: Viktor Szakats Date: Thu, 11 Dec 2025 17:26:41 +0100 Subject: [PATCH 02/12] replace redhat action with raw command --- .github/workflows/build_ci_multi.yml | 13 ++----------- .github/workflows/build_latest_release_multi.yml | 11 ++++++----- .github/workflows/build_master.yml | 11 ++++++----- .github/workflows/build_master_dev.yml | 12 +++++++----- .github/workflows/build_master_multi.yml | 11 ++++++----- 5 files changed, 27 insertions(+), 31 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index d0e0c26..ba8220b 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml @@ -17,16 +17,7 @@ jobs: name: 'Verify credentials' runs-on: 'ubuntu-latest' steps: - # upside: it logs out and aims to delete creds ~/.docker/config.json - # downside: extra dependency, uses -p instead of --password-stdin - - name: 'login ghcr.io (actor, via action)' - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 - with: - username: '${{ github.actor }}' - password: '${{ secrets.GITHUB_TOKEN }}' - registry: 'ghcr.io/${{ github.repository_owner }}' - - - name: 'login ghcr.io (actor, direct)' + - name: 'login ghcr.io (actor)' env: REGISTRY_USER: '${{ github.actor }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' @@ -36,7 +27,7 @@ jobs: docker --version echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - name: 'login ghcr.io (repo owner, direct)' + - name: 'login ghcr.io (repo owner)' env: REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index 38ae6eb..185c560 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml 
@@ -19,11 +19,12 @@ jobs: packages: write # To create/update container on ghcr.io steps: - name: 'login ghcr.io' - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 - with: - username: '${{ github.actor }}' - password: '${{ secrets.GITHUB_TOKEN }}' - registry: 'ghcr.io/${{ github.repository_owner }}' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - name: 'login docker hub' env: diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 6d10fbb..1eac1b3 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -22,11 +22,12 @@ jobs: packages: write # To create/update container on ghcr.io steps: - name: 'login ghcr.io' - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 - with: - username: '${{ github.actor }}' - password: '${{ secrets.GITHUB_TOKEN }}' - registry: 'ghcr.io/${{ github.repository_owner }}' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - name: 'login docker hub' env: diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 6869d91..86a7897 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml 
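Review bot: The `run:` block added to the 'login ghcr.io' step logs in with `podman login` and `docker login`, but nothing in the job logs out again, so the `GITHUB_TOKEN` credential stays in the runner's auth files while the later install, build, test and scan steps run. The comment this patch deletes from build_ci_multi.yml named logging out and removing the stored credentials as the upside of the action being replaced, so that cleanup is lost here. The step list continues outside the hunk; a closing step with `if: always()` running `podman logout --all` and `docker logout "ghcr.io/${GITHUB_REPOSITORY_OWNER}"` would restore it. The matching hunks in build_master.yml, build_master_dev.yml and build_master_multi.yml need the same.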
@@ -23,11 +23,13 @@ jobs: packages: write # To create/update container on ghcr.io steps: - name: 'login ghcr.io' - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 - with: - username: '${{ github.actor }}' - password: '${{ secrets.GITHUB_TOKEN }}' - registry: 'ghcr.io/${{ github.repository_owner }}' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + - name: 'login docker hub' env: DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index 38227b6..5965999 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -22,11 +22,12 @@ jobs: packages: write # To create/update container on ghcr.io steps: - name: 'login ghcr.io' - uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7 - with: - username: '${{ github.actor }}' - password: '${{ secrets.GITHUB_TOKEN }}' - registry: 'ghcr.io/${{ github.repository_owner }}' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - name: 'login docker hub' env: From 4a7bea6e6215b1d0bb22cbd098054a55cc46ab14 Mon Sep 17 00:00:00 2001 
From: Viktor Szakats Date: Thu, 11 Dec 2025 17:30:09 +0100 Subject: [PATCH 03/12] podman login should be enough for ghcr push (what redhat action did) --- .github/workflows/build_latest_release_multi.yml | 1 - .github/workflows/build_master.yml | 1 - .github/workflows/build_master_dev.yml | 1 - .github/workflows/build_master_multi.yml | 1 - 4 files changed, 4 deletions(-) diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index 185c560..aa9208a 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -24,7 +24,6 @@ jobs: REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - name: 'login docker hub' env: diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 1eac1b3..0fb80e3 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -27,7 +27,6 @@ jobs: REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - name: 'login docker hub' env: diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 86a7897..a1930bf 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml 
@@ -28,7 +28,6 @@ jobs: REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - name: 'login docker hub' env: diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index 5965999..0bd91dd 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -27,7 +27,6 @@ jobs: REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - name: 'login docker hub' env: From 2dec8b391d774418b8cbca9c11fc4d8b7880098a Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 17:30:40 +0100 Subject: [PATCH 04/12] build_ci_multi.yml optimize out env --- .github/workflows/build_ci_multi.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index ba8220b..9cb515f 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml 
@@ -31,12 +31,11 @@ jobs: env: REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - IMAGE_REGISTRY: 'ghcr.io/${{ github.repository_owner }}' run: | podman --version - echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "${IMAGE_REGISTRY}" + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" docker --version - echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "${IMAGE_REGISTRY}" + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" verify_secrets_registries: name: 'Verify credentials (docker hub, quay)' From 2238ed1e3a6826d46b24b8adc22c32ba51ce8ca4 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 18:30:29 +0100 Subject: [PATCH 05/12] use Linuxbrew cosign, drop sigstore/cosign action --- .github/workflows/build_ci_multi.yml | 4 ++-- .github/workflows/build_latest_release_multi.yml | 15 +++++++++------ .github/workflows/build_master.yml | 11 +++++------ .github/workflows/build_master_dev.yml | 13 +++++++------ .github/workflows/build_master_multi.yml | 11 +++++------ 5 files changed, 28 insertions(+), 26 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index 9cb515f..d755f28 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml @@ -77,8 +77,8 @@ jobs: run: buildah unshare make branch_or_ref=master release_tag=master multibuild - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test - - name: 'install scan prereqs' - run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy + - name: 'install prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" 
diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index aa9208a..5494443 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -63,15 +63,15 @@ jobs: release_image_tag="${rel//_/.}" echo "REL=$release_image_tag" >> "$GITHUB_ENV" + - name: 'install prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy + - name: 'build multi image' run: buildah unshare make branch_or_ref="$TAG_REF" release_tag="$REL" multibuild - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag="$REL" test - - name: 'install scan prereqs' - run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" @@ -82,19 +82,18 @@ jobs: buildah manifest push --format v2s2 --all curl-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-multi:"$REL" buildah manifest push --format v2s2 --all curl-base-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-base-multi:"$REL" - - name: 'install Cosign' - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: 'sign images with sigstore key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-multi:"$REL" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-base-multi:"$REL" - name: 'verify image with public key' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:"$REL" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:"$REL" 
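Review bot: `brew install cosign grype trivy` in the new 'install prereqs' step takes whatever cosign version Homebrew currently ships, whereas the `sigstore/cosign-installer` step removed in the next hunk was pinned to a commit SHA. The binary that reads `COSIGN_PRIVATE_KEY` can therefore change between runs without any change in this repository. Logging the version right after the install, e.g. `/home/linuxbrew/.linuxbrew/bin/cosign version`, would at least record which signer produced each release. In the sign steps, `eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"` puts the whole Homebrew prefix first on PATH while the key is in the environment; calling `/home/linuxbrew/.linuxbrew/bin/cosign` by absolute path there is narrower. The same pattern recurs in the later hunks of this file and in build_ci_multi.yml, build_master.yml and build_master_dev.yml.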
@@ -110,6 +109,7 @@ jobs: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin docker.io/curlimages/curl:"$REL" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin docker.io/curlimages/curl:latest echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin docker.io/curlimages/curl-base:"$REL" @@ -117,6 +117,7 @@ jobs: - name: 'verify image with public key' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" cosign verify --key cosign.pub docker.io/curlimages/curl:"$REL" cosign verify --key cosign.pub docker.io/curlimages/curl:latest cosign verify --key cosign.pub docker.io/curlimages/curl-base:"$REL" @@ -134,6 +135,7 @@ jobs: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin quay.io/curl/curl:"$REL" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin quay.io/curl/curl:latest echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin quay.io/curl/curl-base:"$REL" @@ -141,6 +143,7 @@ jobs: - name: 'verify image with public key' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" cosign verify --key cosign.pub quay.io/curl/curl:"$REL" cosign verify --key cosign.pub quay.io/curl/curl:latest cosign verify --key cosign.pub quay.io/curl/curl-base:"$REL" diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 0fb80e3..3dca32c 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml 
@@ -52,6 +52,9 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - name: 'install prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -63,9 +66,6 @@ jobs: - name: 'test image' run: buildah unshare make dist_name=localhost/curl release_tag=master test - - name: 'install scan prereqs' - run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" @@ -77,20 +77,19 @@ jobs: buildah push curl-base:master "docker://ghcr.io/curl/curl-container/curl-base:master" buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master" - - name: 'install Cosign' - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: 'sign image with a key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-dev:master echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-base:master echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl:master - name: 'verify image with public key' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev:master cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base:master cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index a1930bf..953b8b5 100644 --- a/.github/workflows/build_master_dev.yml 
+++ b/.github/workflows/build_master_dev.yml @@ -53,6 +53,9 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - name: 'install prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -61,9 +64,6 @@ jobs: - name: 'build debian dev image' run: buildah unshare make branch_or_ref=master release_tag=master build_debian - - name: 'install scan prereqs' - run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" @@ -73,18 +73,17 @@ jobs: run: | buildah push curl-dev-debian:master "docker://ghcr.io/curl/curl-container/curl-dev-debian:master" - - name: 'install Cosign' - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: 'sign image with a key' env: COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-dev-debian:master - name: 'verify image with public key' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev-debian:master - name: 'build fedora dev image' @@ -104,8 +103,10 @@ jobs: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-dev-fedora:master - name: 'verify image with public key' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-dev-fedora:master 
diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index 0bd91dd..ae776b9 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -52,6 +52,9 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - name: 'install prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false @@ -63,9 +66,6 @@ jobs: - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test - - name: 'install scan prereqs' - run: /home/linuxbrew/.linuxbrew/bin/brew install grype trivy - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" @@ -76,18 +76,17 @@ jobs: buildah manifest push --all --format v2s2 localhost/curl-base-multi:master "docker://ghcr.io/curl/curl-container/curl-base-multi:master" buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" - - name: 'install Cosign' - uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0 - - name: 'sign image with a key' env: COSIGN_PASSWORD: '${{ secrets.COSIGN_PASSWORD }}' COSIGN_PRIVATE_KEY: '${{ secrets.COSIGN_PRIVATE_KEY }}' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-multi:master echo "${COSIGN_PRIVATE_KEY}" | cosign sign -y --key /dev/stdin ghcr.io/curl/curl-container/curl-base-multi:master - name: 'verify image with public key' run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:master cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:master 
From 9dd42230d58a14412811f35ccd1c8c1315affc4b Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 18:32:34 +0100 Subject: [PATCH 06/12] sort / alignment --- .github/workflows/build_latest_release_multi.yml | 10 +++++----- .github/workflows/build_master.yml | 4 ++-- .github/workflows/build_master_multi.yml | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index 5494443..68a8cec 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -79,7 +79,7 @@ jobs: - name: 'push images to github registry' run: | - buildah manifest push --format v2s2 --all curl-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-multi:"$REL" + buildah manifest push --format v2s2 --all curl-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-multi:"$REL" buildah manifest push --format v2s2 --all curl-base-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-base-multi:"$REL" - name: 'sign images with sigstore key' @@ -99,8 +99,8 @@ jobs: - name: 'push release to docker hub' run: | - buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://docker.io/curlimages/curl:"$REL" - buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://docker.io/curlimages/curl:latest + buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://docker.io/curlimages/curl:"$REL" + buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://docker.io/curlimages/curl:latest buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://docker.io/curlimages/curl-base:"$REL" buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://docker.io/curlimages/curl-base:latest 
@@ -125,8 +125,8 @@ jobs: - name: 'push release to quay.io' run: | - buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://quay.io/curl/curl:"$REL" - buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://quay.io/curl/curl:latest + buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://quay.io/curl/curl:"$REL" + buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://quay.io/curl/curl:latest buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://quay.io/curl/curl-base:"$REL" buildah manifest push --format v2s2 --all localhost/curl-base-multi:"$REL" docker://quay.io/curl/curl-base:latest diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 3dca32c..ef71198 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -73,9 +73,9 @@ jobs: - name: 'push images to github registry' run: | - buildah push curl-dev:master "docker://ghcr.io/curl/curl-container/curl-dev:master" + buildah push curl-dev:master "docker://ghcr.io/curl/curl-container/curl-dev:master" buildah push curl-base:master "docker://ghcr.io/curl/curl-container/curl-base:master" - buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master" + buildah push curl:master "docker://ghcr.io/curl/curl-container/curl:master" - name: 'sign image with a key' env: diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index ae776b9..d52c4af 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml 
@@ -73,8 +73,8 @@ jobs: - name: 'push multi images to github registry' run: | + buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" buildah manifest push --all --format v2s2 localhost/curl-base-multi:master "docker://ghcr.io/curl/curl-container/curl-base-multi:master" - buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" - name: 'sign image with a key' env: From 8e3d231c0163129e3e8e06a1223e61574a72f37c Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 18:38:27 +0100 Subject: [PATCH 07/12] delete unused logins --- .github/workflows/build_master.yml | 16 ---------------- .github/workflows/build_master_dev.yml | 16 ---------------- .github/workflows/build_master_multi.yml | 16 ---------------- 3 files changed, 48 deletions(-) diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index ef71198..d6882f0 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -28,22 +28,6 @@ jobs: run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - name: 'login docker hub' - env: - DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' - DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' - run: | - echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io - echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin - - - name: 'login quay.io' - env: - QUAY_USER: '${{ secrets.QUAY_USER }}' - QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' - run: | - echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io - echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io - - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list 
diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 953b8b5..8ce6384 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml @@ -29,22 +29,6 @@ jobs: run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - name: 'login docker hub' - env: - DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' - DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' - run: | - echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io - echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin - - - name: 'login quay.io' - env: - QUAY_USER: '${{ secrets.QUAY_USER }}' - QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' - run: | - echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io - echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io - - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index d52c4af..bb77d30 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml 
@@ -28,22 +28,6 @@ jobs: run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - name: 'login docker hub' - env: - DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' - DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' - run: | - echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io - echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin - - - name: 'login quay.io' - env: - QUAY_USER: '${{ secrets.QUAY_USER }}' - QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' - run: | - echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io - echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io - - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list From e916548c8e8c4681746795027511975c65b81f91 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 18:48:43 +0100 Subject: [PATCH 08/12] move login closer to push --- .../workflows/build_latest_release_multi.yml | 46 +++++++++---------- .github/workflows/build_master.yml | 14 +++--- .github/workflows/build_master_dev.yml | 14 +++--- .github/workflows/build_master_multi.yml | 14 +++--- 4 files changed, 44 insertions(+), 44 deletions(-) diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index 68a8cec..f7dcbe4 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml 
@@ -18,29 +18,6 @@ jobs: permissions: packages: write # To create/update container on ghcr.io steps: - - name: 'login ghcr.io' - env: - REGISTRY_USER: '${{ github.actor }}' - REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - run: | - echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - - name: 'login docker hub' - env: - DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' - DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' - run: | - echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io - echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin - - - name: 'login quay.io' - env: - QUAY_USER: '${{ secrets.QUAY_USER }}' - QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' - run: | - echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io - echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io - - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list @@ -77,6 +54,13 @@ jobs: eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl-multi:"$REL" scan + - name: 'login ghcr.io' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + - name: 'push images to github registry' run: | buildah manifest push --format v2s2 --all curl-multi:"$REL" docker://ghcr.io/curl/curl-container/curl-multi:"$REL" 
@@ -97,6 +81,14 @@ jobs: cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-multi:"$REL" cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl-base-multi:"$REL" + - name: 'login docker hub' + env: + DOCKER_HUB_USER: '${{ secrets.DOCKER_HUB_USER }}' + DOCKER_HUB_TOKEN: '${{ secrets.DOCKER_HUB_TOKEN }}' + run: | + echo "${DOCKER_HUB_TOKEN}" | podman login -u "${DOCKER_HUB_USER}" --password-stdin docker.io + echo "${DOCKER_HUB_TOKEN}" | docker login -u "${DOCKER_HUB_USER}" --password-stdin + - name: 'push release to docker hub' run: | buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://docker.io/curlimages/curl:"$REL" @@ -123,6 +115,14 @@ jobs: cosign verify --key cosign.pub docker.io/curlimages/curl-base:"$REL" cosign verify --key cosign.pub docker.io/curlimages/curl-base:latest + - name: 'login quay.io' + env: + QUAY_USER: '${{ secrets.QUAY_USER }}' + QUAY_TOKEN: '${{ secrets.QUAY_TOKEN }}' + run: | + echo "${QUAY_TOKEN}" | podman login -u "${QUAY_USER}" --password-stdin quay.io + echo "${QUAY_TOKEN}" | docker login -u "${QUAY_USER}" --password-stdin quay.io + - name: 'push release to quay.io' run: | buildah manifest push --format v2s2 --all localhost/curl-multi:"$REL" docker://quay.io/curl/curl:"$REL" diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index d6882f0..8350e55 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -21,13 +21,6 @@ jobs: permissions: packages: write # To create/update container on ghcr.io steps: - - name: 'login ghcr.io' - env: - REGISTRY_USER: '${{ github.actor }}' - REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - run: | - echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list 
@@ -55,6 +48,13 @@ jobs: eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl:master scan + - name: 'login ghcr.io' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + - name: 'push images to github registry' run: | buildah push curl-dev:master "docker://ghcr.io/curl/curl-container/curl-dev:master" diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 8ce6384..a9d5e18 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml @@ -22,13 +22,6 @@ jobs: permissions: packages: write # To create/update container on ghcr.io steps: - - name: 'login ghcr.io' - env: - REGISTRY_USER: '${{ github.actor }}' - REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - run: | - echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list @@ -53,6 +46,13 @@ jobs: eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl-dev-debian:master scan + - name: 'login ghcr.io' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + - name: 'push images to github registry' run: | buildah push curl-dev-debian:master "docker://ghcr.io/curl/curl-container/curl-dev-debian:master" diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index bb77d30..cd2552f 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml 
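Review bot: In build_master_dev.yml the ghcr.io login added by the `@@ -53,6 +46,13 @@` hunk sits just before the debian push, but other patches in this series show a 'build fedora dev image' step and a further scan later in the same job, so those steps would still run with the credential that `podman login` stored. If the aim of the move is to keep the token away from build and scan steps, build and scan both images before the login, or add `podman logout --all` after the debian verify step and log in again before the fedora push. The rest of the job is outside this hunk, so the step order should be confirmed against the full file.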
@@ -21,13 +21,6 @@ jobs: permissions: packages: write # To create/update container on ghcr.io steps: - - name: 'login ghcr.io' - env: - REGISTRY_USER: '${{ github.actor }}' - REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - run: | - echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - name: 'install dev deps' run: | sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list @@ -55,6 +48,13 @@ jobs: eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" make image_name=localhost/curl-multi:master scan + - name: 'login ghcr.io' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + - name: 'push multi images to github registry' run: | buildah manifest push --all --format v2s2 localhost/curl-multi:master "docker://ghcr.io/curl/curl-container/curl-multi:master" From f1b37bb30b7344f42c0591f59f531c7478eef61e Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 18:58:20 +0100 Subject: [PATCH 09/12] use repository_owner for ghcr --- .github/workflows/build_ci_multi.yml | 12 +----------- .github/workflows/build_latest_release_multi.yml | 2 +- .github/workflows/build_master.yml | 2 +- .github/workflows/build_master_dev.yml | 2 +- .github/workflows/build_master_multi.yml | 2 +- 5 files changed, 5 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index d755f28..7cc5fd3 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml 
@@ -17,17 +17,7 @@ jobs: name: 'Verify credentials' runs-on: 'ubuntu-latest' steps: - - name: 'login ghcr.io (actor)' - env: - REGISTRY_USER: '${{ github.actor }}' - REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - run: | - podman --version - echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - docker --version - echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" - - - name: 'login ghcr.io (repo owner)' + - name: 'login ghcr.io' env: REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index f7dcbe4..dfc6a9b 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -56,7 +56,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.actor }}' + REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 8350e55..304a2bc 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -50,7 +50,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.actor }}' + REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index a9d5e18..cb8c1e8 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml 
@@ -48,7 +48,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.actor }}' + REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index cd2552f..8c1df97 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -50,7 +50,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.actor }}' + REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" From caf41cc830f25fc34cae978fda885695f40fd527 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 19:08:14 +0100 Subject: [PATCH 10/12] install early to test is sooner --- .github/workflows/build_ci_multi.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index 7cc5fd3..6843547 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml 
@@ -60,15 +60,17 @@ jobs: sudo apt-get -o Dpkg::Use-Pty=0 install -y \ qemu-user-static buildah less git make podman clamav clamav-freshclam + - name: 'install prereqs' + run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 with: persist-credentials: false + - name: 'build multi image' run: buildah unshare make branch_or_ref=master release_tag=master multibuild - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test - - name: 'install prereqs' - run: /home/linuxbrew/.linuxbrew/bin/brew install cosign grype trivy - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" From 4f3ddd4551fd8b966bed7367d9a68d6f6ee89090 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Thu, 11 Dec 2025 19:09:29 +0100 Subject: [PATCH 11/12] separate steps with empty lines for mcedit and readability backtrack --- .github/workflows/build_latest_release_multi.yml | 2 -- .github/workflows/build_master.yml | 2 -- .github/workflows/build_master_dev.yml | 2 -- .github/workflows/build_master_multi.yml | 2 -- 4 files changed, 8 deletions(-) diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index dfc6a9b..9512e7e 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -45,10 +45,8 @@ jobs: - name: 'build multi image' run: buildah unshare make branch_or_ref="$TAG_REF" release_tag="$REL" multibuild - - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag="$REL" test - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 304a2bc..458df13 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml 
@@ -39,10 +39,8 @@ jobs: - name: 'build master images' run: buildah unshare make branch_or_ref=master release_tag=master build_ref_images - - name: 'test image' run: buildah unshare make dist_name=localhost/curl release_tag=master test - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index cb8c1e8..46776e6 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml @@ -40,7 +40,6 @@ jobs: - name: 'build debian dev image' run: buildah unshare make branch_or_ref=master release_tag=master build_debian - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" @@ -72,7 +71,6 @@ jobs: - name: 'build fedora dev image' run: buildah unshare make branch_or_ref=master release_tag=master build_fedora - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index 8c1df97..bab0478 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -39,10 +39,8 @@ jobs: - name: 'build multi image' run: buildah unshare make branch_or_ref=master release_tag=master multibuild - - name: 'test image' run: buildah unshare make dist_name=localhost/curl-multi release_tag=master test - - name: 'security scan image' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" From 605fc0a09e0e55072271addf1941d659a8c3d14c Mon Sep 17 00:00:00 2001 
From: Viktor Szakats Date: Fri, 12 Dec 2025 20:11:28 +0100 Subject: [PATCH 12/12] Revert "use repository_owner for ghcr" This reverts commit f1b37bb30b7344f42c0591f59f531c7478eef61e. Makes no difference in current CI jobs, but may break other things. --- .github/workflows/build_ci_multi.yml | 12 +++++++++++- .github/workflows/build_latest_release_multi.yml | 2 +- .github/workflows/build_master.yml | 2 +- .github/workflows/build_master_dev.yml | 2 +- .github/workflows/build_master_multi.yml | 2 +- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build_ci_multi.yml b/.github/workflows/build_ci_multi.yml index 6843547..a36c7e5 100644 --- a/.github/workflows/build_ci_multi.yml +++ b/.github/workflows/build_ci_multi.yml @@ -17,7 +17,17 @@ jobs: name: 'Verify credentials' runs-on: 'ubuntu-latest' steps: - - name: 'login ghcr.io' + - name: 'login ghcr.io (actor)' + env: + REGISTRY_USER: '${{ github.actor }}' + REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + podman --version + echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + docker --version + echo "${REGISTRY_TOKEN}" | docker login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" + + - name: 'login ghcr.io (repo owner)' env: REGISTRY_USER: '${{ github.repository_owner }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/build_latest_release_multi.yml b/.github/workflows/build_latest_release_multi.yml index 9512e7e..56fa22e 100644 --- a/.github/workflows/build_latest_release_multi.yml +++ b/.github/workflows/build_latest_release_multi.yml @@ -54,7 +54,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.repository_owner }}' + REGISTRY_USER: '${{ github.actor }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" 
diff --git a/.github/workflows/build_master.yml b/.github/workflows/build_master.yml index 458df13..5b5d1a7 100644 --- a/.github/workflows/build_master.yml +++ b/.github/workflows/build_master.yml @@ -48,7 +48,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.repository_owner }}' + REGISTRY_USER: '${{ github.actor }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" diff --git a/.github/workflows/build_master_dev.yml b/.github/workflows/build_master_dev.yml index 46776e6..0e38da1 100644 --- a/.github/workflows/build_master_dev.yml +++ b/.github/workflows/build_master_dev.yml @@ -47,7 +47,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.repository_owner }}' + REGISTRY_USER: '${{ github.actor }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}" diff --git a/.github/workflows/build_master_multi.yml b/.github/workflows/build_master_multi.yml index bab0478..d27b60b 100644 --- a/.github/workflows/build_master_multi.yml +++ b/.github/workflows/build_master_multi.yml @@ -48,7 +48,7 @@ jobs: - name: 'login ghcr.io' env: - REGISTRY_USER: '${{ github.repository_owner }}' + REGISTRY_USER: '${{ github.actor }}' REGISTRY_TOKEN: '${{ secrets.GITHUB_TOKEN }}' run: | echo "${REGISTRY_TOKEN}" | podman login -u "${REGISTRY_USER}" --password-stdin "ghcr.io/${GITHUB_REPOSITORY_OWNER}"