Align image tagging and accounts image names

This commit is contained in:
Haitao Pan 2026-03-17 20:02:23 +08:00
parent b7b57c875f
commit 02d8ba5b44
4 changed files with 38 additions and 21 deletions

View File

@ -26,6 +26,9 @@ runs:
# main → latest
type=raw,enable=${{ github.ref == 'refs/heads/main' }},value=latest
# commit → short sha
type=sha,format=short,prefix=
# release tagv1.2.3
type=ref,event=tag
type=semver,pattern={{version}}

View File

@ -145,10 +145,17 @@ jobs:
# -------------------------------------------------------------
- uses: actions/checkout@v4
- name: Resolve short sha tag
id: vars
shell: bash
run: |
set -euo pipefail
echo "sha_short=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
- uses: anchore/sbom-action@v0
with:
image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}@${{ steps.build.outputs.digest }}
image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}:${{ steps.vars.outputs.sha_short }}
output-file: sbom.spdx.json
- uses: actions/upload-artifact@v4
@ -161,7 +168,7 @@ jobs:
# -------------------------------------------------------------
- uses: aquasecurity/trivy-action@0.28.0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}@${{ steps.build.outputs.digest }}
image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}:${{ steps.vars.outputs.sha_short }}
severity: HIGH,CRITICAL
exit-code: '1'
@ -173,5 +180,5 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
COSIGN_IMAGE=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}@${{ steps.build.outputs.digest }}
COSIGN_IMAGE=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}:${{ steps.vars.outputs.sha_short }}
cosign sign --yes "$COSIGN_IMAGE"

View File

@ -83,10 +83,10 @@ jobs:
strategy:
matrix:
service:
- { name: account, workdir: account, dockerfile: account/Dockerfile }
- { name: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
- { name: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
- { name: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
- { name: account, image: accounts, workdir: account, dockerfile: account/Dockerfile }
- { name: dashboard, image: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
- { name: rag-server, image: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
- { name: xcontrol-init, image: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
steps:
# -------------------------------------------------------------
@ -110,7 +110,7 @@ jobs:
id: meta
uses: ./.github/actions/auto-tag
with:
image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}
image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}
# -------------------------------------------------------------
# Docker Buildx setup
@ -157,9 +157,9 @@ jobs:
run: |
set -euo pipefail
SERVICE="${{ matrix.service.name }}"
ORIGIN_IMG="${{ env.REGISTRY }}/${{ env.ORG }}/${SERVICE}@${{ steps.build.outputs.digest }}"
TARGET_REPO="docker.io/${TARGET_NS}/${SERVICE}"
IMAGE_NAME="${{ matrix.service.image }}"
ORIGIN_IMG="${{ env.REGISTRY }}/${{ env.ORG }}/${IMAGE_NAME}@${{ steps.build.outputs.digest }}"
TARGET_REPO="docker.io/${TARGET_NS}/${IMAGE_NAME}"
TAG="latest"
docker pull "$ORIGIN_IMG"
@ -173,10 +173,10 @@ jobs:
strategy:
matrix:
service:
- { name: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
- { name: account, workdir: account, dockerfile: account/Dockerfile }
- { name: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
- { name: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
- { name: dashboard, image: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
- { name: account, image: accounts, workdir: account, dockerfile: account/Dockerfile }
- { name: rag-server, image: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
- { name: xcontrol-init, image: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
steps:
# -------------------------------------------------------------
@ -184,17 +184,24 @@ jobs:
# -------------------------------------------------------------
- uses: actions/checkout@v4
- name: Resolve short sha tag
id: vars
shell: bash
run: |
set -euo pipefail
echo "sha_short=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
# -------------------------------------------------------------
# SBOM Generation
# -------------------------------------------------------------
- uses: anchore/sbom-action@v0
with:
image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}@${{ steps.build.outputs.digest }}
image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}:${{ steps.vars.outputs.sha_short }}
output-file: sbom.spdx.json
- uses: actions/upload-artifact@v4
with:
name: sbom-${{ matrix.service.name }}
name: sbom-${{ matrix.service.image }}
path: sbom.spdx.json
# -------------------------------------------------------------
@ -202,7 +209,7 @@ jobs:
# -------------------------------------------------------------
- uses: aquasecurity/trivy-action@0.28.0
with:
image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}@${{ steps.build.outputs.digest }}
image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}:${{ steps.vars.outputs.sha_short }}
severity: HIGH,CRITICAL
exit-code: '1'
@ -217,5 +224,5 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
IMG=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}@${{ steps.build.outputs.digest }}
IMG=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}:${{ steps.vars.outputs.sha_short }}
cosign sign --yes "$IMG"

View File

@ -30,13 +30,13 @@ jobs:
IMAGES=(
"ghcr.io/cloud-neutral-toolkit/openresty-geoip"
"ghcr.io/cloud-neutral-toolkit/postgres-runtime"
"ghcr.io/cloud-neutral-toolkit/account"
"ghcr.io/cloud-neutral-toolkit/accounts"
"ghcr.io/cloud-neutral-toolkit/dashboard"
"ghcr.io/cloud-neutral-toolkit/rag-server"
"ghcr.io/cloud-neutral-toolkit/xcontrol-init"
"docker.io/cloudneutral/openresty-geoip"
"docker.io/cloudneutral/postgres-runtime"
"docker.io/cloudneutral/account"
"docker.io/cloudneutral/accounts"
"docker.io/cloudneutral/dashboard"
"docker.io/cloudneutral/rag-server"
"docker.io/cloudneutral/xcontrol-init"