diff --git a/.github/actions/docker-build-push-linux/action.yml b/.github/actions/docker-build-push-linux/action.yml
new file mode 100644
index 000000000..6cc361c37
--- /dev/null
+++ b/.github/actions/docker-build-push-linux/action.yml
@@ -0,0 +1,65 @@
+name: Docker build for Linux
+description: Build and optionally push a Linux image via docker/build-push-action
+
+inputs:
+ context:
+ required: true
+ description: Docker build context
+ file:
+ required: true
+ description: Dockerfile path
+ platforms:
+ required: true
+ description: Target platforms
+ push:
+ required: false
+ default: "true"
+ description: Whether to push the image
+ sbom:
+ required: false
+ default: "true"
+ description: Whether to generate SBOM
+ provenance:
+ required: false
+ default: mode=max
+ description: Provenance mode
+ tags:
+ required: true
+ description: Image tags
+ labels:
+ required: true
+ description: Image labels
+ build_args:
+ required: false
+ default: ""
+ description: Optional multiline build args
+ build_contexts:
+ required: false
+ default: ""
+ description: Optional multiline build contexts
+
+outputs:
+ digest:
+ description: Built image digest
+ value: ${{ steps.build.outputs.digest }}
+ metadata:
+ description: Build metadata
+ value: ${{ steps.build.outputs.metadata }}
+
+runs:
+ using: composite
+ steps:
+ - name: Build and optionally push image
+ id: build
+ uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294
+ with:
+ context: ${{ inputs.context }}
+ file: ${{ inputs.file }}
+ platforms: ${{ inputs.platforms }}
+ push: ${{ inputs.push }}
+ provenance: ${{ inputs.provenance }}
+ sbom: ${{ inputs.sbom }}
+ tags: ${{ inputs.tags }}
+ labels: ${{ inputs.labels }}
+ build-args: ${{ inputs.build_args }}
+ build-contexts: ${{ inputs.build_contexts }}
diff --git a/.github/actions/docker-linux-setup/action.yml b/.github/actions/docker-linux-setup/action.yml
new file mode 100644
index 000000000..65a0f9aab
--- /dev/null
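Review bot: The `push` input in `docker-build-push-linux/action.yml` defaults to `"true"`, so a caller that forgets to pass `push` publishes the image. A wrapper around a registry write is safer failing closed with `default: "false"`; the callers visible in this diff all pass `push` explicitly and would not change behaviour. The `uses: docker/build-push-action@…` line also lost the `# v7.0.0` trailer that the workflow copies carried, which makes the SHA pin harder to audit, so I would keep `# v7.0.0` after the SHA. The descriptions of `push` and `sbom` should state that the value is forwarded as a string and that `true`/`false` are the expected values.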
+++ b/.github/actions/docker-linux-setup/action.yml @@ -0,0 +1,54 @@ +name: Docker Linux setup +description: Set up QEMU, Docker Buildx, and optional registry login + +inputs: + auto_push_images: + required: false + default: false + description: Whether registry login is needed + + qemu_image: + required: false + default: tonistiigi/binfmt:qemu-v10.0.4 + description: QEMU binfmt image + + qemu_platforms: + required: false + default: all + description: Platforms for QEMU + + buildkit_image: + required: false + default: moby/buildkit:v0.28.1 + description: BuildKit image + + docker_username: + required: false + default: "" + description: Docker registry username + + docker_password: + required: false + default: "" + description: Docker registry password + +runs: + using: composite + steps: + - name: Set up QEMU + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + with: + image: ${{ inputs.qemu_image }} + platforms: ${{ inputs.qemu_platforms }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + with: + driver-opts: image=${{ inputs.buildkit_image }} + + - name: Login to DockerHub + if: ${{ inputs.auto_push_images == 'true' }} + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + with: + username: ${{ inputs.docker_username }} + password: ${{ inputs.docker_password }} diff --git a/.github/workflows/images_build.yml b/.github/workflows/images_build.yml index ed49de55a..6b35cb426 100644 --- a/.github/workflows/images_build.yml +++ b/.github/workflows/images_build.yml @@ -37,7 +37,6 @@ env: DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }} DOCKER_REPOSITORY: ${{ vars.DOCKER_REPOSITORY }} - LATEST_BRANCH: ${{ github.event.repository.default_branch }} TRUNK_GIT_BRANCH: "refs/heads/trunk" IMAGES_PREFIX: "zabbix-" 
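Review bot: The `qemu_image` and `buildkit_image` defaults in `docker-linux-setup/action.yml` (`tonistiigi/binfmt:qemu-v10.0.4`, `moby/buildkit:v0.28.1`) are mutable tags, while every `uses:` in the same action is pinned to a commit SHA. Both images take part in every build, so pinning them by digest, e.g. `default: moby/buildkit:v0.28.1@sha256:<digest>`, would close the same supply-chain gap the SHA pins address. Separately, `auto_push_images` has `default: false` (a YAML boolean) while the login step compares against the string `'true'`. Writing `default: "false"` and noting in the description that only the exact string `true` enables the login would avoid a silently skipped login on values such as `True`.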
@@ -83,7 +82,9 @@ jobs: with: ref: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || '' }} fetch-depth: 1 - sparse-checkout: ${{ env.MATRIX_FILE }} + sparse-checkout: | + ${{ env.MATRIX_FILE }} + .github - name: Check matrix file env: @@ -139,33 +140,10 @@ jobs: - name: Get branch info id: branch_info - env: - LATEST_BRANCH: ${{ env.LATEST_BRANCH }} - GITHUB_REF_RAW: ${{ env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || github.ref }} - run: | - github_ref="$GITHUB_REF_RAW" - sha_short="$(git rev-parse --short HEAD)" - - if [[ "$github_ref" == refs/tags/* ]]; then - github_ref="${github_ref%.*}" - fi - - github_ref="${github_ref##*/}" - - is_default_branch=false - if [[ "$github_ref" == "$LATEST_BRANCH" ]]; then - is_default_branch=true - fi - - echo "::group::Branch data" - echo "is_default_branch=$is_default_branch" - echo "current_branch=$github_ref" - echo "sha_short=$sha_short" - echo "::endgroup::" - - echo "is_default_branch=$is_default_branch" >> "$GITHUB_OUTPUT" - echo "current_branch=$github_ref" >> "$GITHUB_OUTPUT" - echo "sha_short=$sha_short" >> "$GITHUB_OUTPUT" + uses: ./.github/actions/get-branch-info + with: + trunk_version: ${{ inputs.trunk_version }} + trunk_git_branch: ${{ env.TRUNK_GIT_BRANCH }} build_base: timeout-minutes: 30 @@ -289,21 +267,7 @@ jobs: fetch-depth: 1 - name: Install cosign - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 - - - name: Check cosign version - run: cosign version - - - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - with: - image: tonistiigi/binfmt:qemu-v10.0.4 - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - with: - driver-opts: image=moby/buildkit:v0.28.1 + uses: ./.github/actions/cosign-install - name: Prepare platform list id: platform 
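Review bot: Adding `.github` to `sparse-checkout` means the `./.github/actions/*` steps of this job are loaded from whatever `ref` was checked out, which for `TRUNK_ONLY_EVENT` runs is `TRUNK_GIT_BRANCH` rather than the commit holding this workflow file. Action code and workflow can therefore drift apart, and the job fails if that ref does not yet contain the action directories; a comment on the step such as `# local actions are resolved from the checked-out ref` would make this explicit. Restricting the entry to `.github/actions` would also keep the checkout to what the local actions need. The same sparse-checkout change is made in `images_build_rhel.yml` (`@@ -85,7 +85,9 @@`); the checkout step itself starts outside this hunk.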
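Review bot: The removed inline step chose its ref with `env.TRUNK_ONLY_EVENT == 'true' && env.TRUNK_GIT_BRANCH || github.ref`, but the new call in `@@ -139,33 +140,10 @@` passes `trunk_git_branch` unconditionally and nothing that tells the action whether this is a trunk-only event. `get-branch-info` is not part of the visible diff, so I cannot confirm that it reproduces that selection or still emits `is_default_branch`, `current_branch` and `sha_short`. Please add a comment on the step naming the outputs it must provide, e.g. `# outputs: is_default_branch, current_branch, sha_short`. The RHEL hunk (`@@ -147,44 +149,10 @@`) additionally depends on a `secret_prefix` output and now passes `env.TRUNK_GIT_BRANCH`, which the removed RHEL step did not use.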
@@ -330,21 +294,21 @@ jobs: trunk_only_event: ${{ env.TRUNK_ONLY_EVENT }} event_name: ${{ github.event_name }} - - name: Login to DockerHub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + - name: Set up Docker tooling + uses: ./.github/actions/docker-linux-setup with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + auto_push_images: true + docker_username: ${{ secrets.DOCKER_USERNAME }} + docker_password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and publish image id: docker_build - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: ./.github/actions/docker-build-linux with: context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }} file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, env.BASE_BUILD_NAME, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} push: true - provenance: mode=max sbom: true tags: ${{ steps.meta.outputs.tags }} labels: | @@ -452,21 +416,7 @@ jobs: fetch-depth: 1 - name: Install cosign - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 - - - name: Check cosign version - run: cosign version - - - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - with: - image: tonistiigi/binfmt:qemu-v10.0.4 - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - with: - driver-opts: image=moby/buildkit:v0.28.1 + uses: ./.github/actions/cosign-install - name: Prepare platform list id: platform 
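Review bot: The build step references `./.github/actions/docker-build-linux`, but the composite action added by this commit lives in `.github/actions/docker-build-push-linux/`. Unless a `docker-build-linux` directory exists outside this diff, the step cannot be resolved and the job fails before building. Either rename the directory or change the reference to `uses: ./.github/actions/docker-build-push-linux`. The same reference appears in the hunks at `@@ -524,49 +474,38 @@` and `@@ -831,61 +755,46 @@`.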
@@ -524,49 +474,38 @@ jobs: oidc_issuer: ${{ env.OIDC_ISSUER }} identity_regexp: ${{ env.IDENTITY_REGEX }} - - name: Login to DockerHub - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + - name: Set up Docker tooling + uses: ./.github/actions/docker-linux-setup with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + auto_push_images: true + docker_username: ${{ secrets.DOCKER_USERNAME }} + docker_password: ${{ secrets.DOCKER_PASSWORD }} - name: Build ${{ matrix.build }}/${{ matrix.os }} and push id: docker_build - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: ./.github/actions/docker-build-linux with: context: ${{ format('{0}/{1}/{2}/', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} - build-contexts: | - sources=./sources/ - config_templates=./config_templates/ file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} push: true - provenance: mode=max sbom: true tags: ${{ steps.meta.outputs.tags }} - build-args: | + build_contexts: | + sources=./sources/ + config_templates=./config_templates/ + build_args: | BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - name: Sign the images with GitHub OIDC Token - env: - DIGEST: ${{ steps.docker_build.outputs.digest }} - TAGS: ${{ steps.meta.outputs.tags }} - run: | - images=() - for tag in ${TAGS}; do - images+=("${tag}@${DIGEST}") - done - - echo "::group::Images to sign" - printf '%s\n' "${images[@]}" - echo "::endgroup::" - - echo "::group::Signing" - cosign sign --yes "${images[@]}" - echo "::endgroup::" + if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + uses: 
./.github/actions/cosign-sign + with: + digest: ${{ steps.docker_build.outputs.digest }} + tags: ${{ steps.meta.outputs.tags }} - name: Attest images id: attest @@ -724,22 +663,7 @@ jobs: - name: Install cosign if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} - uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 - - - name: Check cosign version - if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} - run: cosign version - - - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 - with: - image: tonistiigi/binfmt:qemu-v10.0.4 - platforms: all - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 - with: - driver-opts: image=moby/buildkit:v0.28.1 + uses: ./.github/actions/cosign-install - name: Prepare platform list id: platform 
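Review bot: The signing step in `@@ -524,49 +474,38 @@` gains `if: ${{ env.AUTO_PUSH_IMAGES == 'true' }}`, while the build step above it still has `push: true` and the setup step hard-codes `auto_push_images: true`. If `AUTO_PUSH_IMAGES` is ever not `'true'` for this job, images are pushed but left unsigned, and the `cosign-verify` steps used elsewhere in this workflow would then have nothing to verify. I would drop the `if:` here, or gate push and signing on the same condition, e.g. `push: ${{ env.AUTO_PUSH_IMAGES == 'true' }}`. How `AUTO_PUSH_IMAGES` is set for this job is not visible in the hunk.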
@@ -831,61 +755,46 @@ jobs: echo "base_build_image=${image_name}@${image_digest}" >> "$GITHUB_OUTPUT" - name: Verify ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.os }} cosign - if: ${{ matrix.build != 'snmptraps' && env.AUTO_PUSH_IMAGES == 'true' }} - env: - BASE_IMAGE: ${{ steps.base_build.outputs.base_build_image }} - OIDC_ISSUER: ${{ env.OIDC_ISSUER }} - IDENTITY_REGEX: ${{ env.IDENTITY_REGEX }} - run: | - echo "::group::Image sign data" - echo "OIDC issuer=$OIDC_ISSUER" - echo "Identity=$IDENTITY_REGEX" - echo "Image to verify=$BASE_IMAGE" - echo "::endgroup::" - - echo "::group::Verify signature" - cosign verify \ - --certificate-oidc-issuer-regexp "$OIDC_ISSUER" \ - --certificate-identity-regexp "$IDENTITY_REGEX" \ - "$BASE_IMAGE" | jq - echo "::endgroup::" - - - name: Login to DockerHub - if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: ./.github/actions/cosign-verify with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + image: ${{ steps.base_build.outputs.base_build_image }} + oidc_issuer: ${{ env.OIDC_ISSUER }} + identity_regexp: ${{ env.IDENTITY_REGEX }} + + - name: Set up Docker tooling + uses: ./.github/actions/docker-linux-setup + with: + auto_push_images: ${{ env.AUTO_PUSH_IMAGES }} + docker_username: ${{ secrets.DOCKER_USERNAME }} + docker_password: ${{ secrets.DOCKER_PASSWORD }} - name: Build and push image if: ${{ matrix.build != 'snmptraps' }} id: docker_build - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: ./.github/actions/docker-build-linux with: context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES == 'true' }} - provenance: mode=max - sbom: ${{ 
env.AUTO_PUSH_IMAGES == 'true' }} + push: ${{ env.AUTO_PUSH_IMAGES }} + sbom: ${{ env.AUTO_PUSH_IMAGES }} tags: ${{ steps.meta.outputs.tags }} - build-args: | + build_args: | BUILD_BASE_IMAGE=${{ steps.base_build.outputs.base_build_image }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} org.opencontainers.image.created=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - - name: Build snmptraps image + - name: Build and push snmptraps image if: ${{ matrix.build == 'snmptraps' }} - id: docker_build_snmptraps - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + id: docker_build + uses: ./.github/actions/docker-build-linux with: context: ${{ format('{0}/{1}/{2}', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} file: ${{ format('{0}/{1}/{2}/Dockerfile', env.DOCKERFILES_DIRECTORY, matrix.build, matrix.os) }} platforms: ${{ steps.platform.outputs.list }} - push: ${{ env.AUTO_PUSH_IMAGES == 'true' }} - provenance: mode=max - sbom: ${{ env.AUTO_PUSH_IMAGES == 'true' }} + push: ${{ env.AUTO_PUSH_IMAGES }} + sbom: ${{ env.AUTO_PUSH_IMAGES }} tags: ${{ steps.meta.outputs.tags }} labels: | org.opencontainers.image.revision=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} 
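Review bot: Both build steps in `@@ -831,61 +755,46 @@` now carry `id: docker_build`. Step ids must be unique within a job, so the workflow is rejected as invalid, and the signing step in the next hunk (`@@ -893,22 +802,10 @@`) still reads `steps.docker_build_snmptraps.outputs.digest`; keep `id: docker_build_snmptraps` on the snmptraps step. The verify step also lost `if: ${{ matrix.build != 'snmptraps' && env.AUTO_PUSH_IMAGES == 'true' }}`, so it now runs for snmptraps and for non-push runs in which the cosign install step is skipped; restore that `if:` unless `cosign-verify` handles both cases itself. Finally, `push:` and `sbom:` now forward `env.AUTO_PUSH_IMAGES` verbatim instead of the strict `== 'true'` comparison, so an unset or unexpected value reaches `docker/build-push-action` unnormalised.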
@@ -893,22 +802,10 @@ jobs: - name: Sign the images with GitHub OIDC Token if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} - env: - DIGEST: ${{ matrix.build == 'snmptraps' && steps.docker_build_snmptraps.outputs.digest || steps.docker_build.outputs.digest }} - TAGS: ${{ steps.meta.outputs.tags }} - run: | - images=() - for tag in ${TAGS}; do - images+=("${tag}@${DIGEST}") - done - - echo "::group::Images to sign" - printf '%s\n' "${images[@]}" - echo "::endgroup::" - - echo "::group::Signing" - cosign sign --yes "${images[@]}" - echo "::endgroup::" + uses: ./.github/actions/cosign-sign + with: + digest: ${{ matrix.build == 'snmptraps' && steps.docker_build_snmptraps.outputs.digest || steps.docker_build.outputs.digest }} + tags: ${{ steps.meta.outputs.tags }} - name: Attest images if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} diff --git a/.github/workflows/images_build_rhel.yml b/.github/workflows/images_build_rhel.yml index 69f9ad167..8f4e9e3af 100644 --- a/.github/workflows/images_build_rhel.yml +++ b/.github/workflows/images_build_rhel.yml @@ -85,7 +85,9 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 with: fetch-depth: 1 - sparse-checkout: ${{ env.MATRIX_FILE }} + sparse-checkout: | + ${{ env.MATRIX_FILE }} + .github - name: Check matrix file env: 
@@ -147,44 +149,10 @@ jobs: - name: Get branch info id: branch_info - env: - LATEST_BRANCH: ${{ env.LATEST_BRANCH }} - GITHUB_REF_RAW: ${{ github.ref }} - TRUNK_MAJOR_VERSION: ${{ inputs.trunk_version }} - run: | - github_ref="$GITHUB_REF_RAW" - sha_short="$(git rev-parse --short HEAD)" - - if [[ "$github_ref" == refs/tags/* ]]; then - github_ref="${github_ref%.*}" - fi - - github_ref="${github_ref##*/}" - - is_default_branch=false - if [[ "$github_ref" == "$LATEST_BRANCH" ]]; then - is_default_branch=true - fi - - if [[ "${github_ref//.}" == "trunk" && -n "${TRUNK_MAJOR_VERSION:-}" ]]; then - secret_prefix="RHEL_${TRUNK_MAJOR_VERSION//.}" - else - secret_prefix="RHEL_${github_ref//.}" - fi - - echo "::group::Branch metadata" - echo "is_default_branch=$is_default_branch" - echo "current_branch=$github_ref" - echo "secret_prefix=$secret_prefix" - echo "sha_short=$sha_short" - echo "::endgroup::" - - { - echo "is_default_branch=$is_default_branch" - echo "current_branch=$github_ref" - echo "secret_prefix=$secret_prefix" - echo "sha_short=$sha_short" - } >> "$GITHUB_OUTPUT" + uses: ./.github/actions/get-branch-info + with: + trunk_version: ${{ inputs.trunk_version }} + trunk_git_branch: ${{ env.TRUNK_GIT_BRANCH }} build_base: timeout-minutes: 30 @@ -256,13 +224,13 @@ jobs: echo "image_tag_id=$TAG_ID" >> "$GITHUB_OUTPUT" echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT" - - name: Cache image metadata - uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + - name: Upload artifact metadata + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: | ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag - key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + name: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} - name: Push image to local storage id: push_image 
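Review bot: Switching from `actions/cache/save` to `actions/upload-artifact` in `@@ -256,13 +224,13 @@` changes who can read the metadata and for how long. Artifacts can be downloaded by anyone with read access to the repository and are kept for the default retention period, so `retention-days: 1` fits data that is only needed within the run. Artifact names are immutable within a run, so re-running a failed job with the same `github.run_id`-based name is likely to fail on upload unless `overwrite: true` is set; please confirm with a re-run. The matching download steps (`@@ -344,13 +312,10 @@`, `@@ -550,14 +515,11 @@`) drop `path:` and so rely on the files being restored to the workspace root; the second upload at `@@ -440,13 +405,13 @@` has the same shape.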
@@ -344,13 +312,10 @@ jobs: run: | echo "arch=${ARCH,,}" >> "$GITHUB_OUTPUT" - - name: Download metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + - name: Download artifact metadata of ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: - path: | - ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag_id - ${{ env.BASE_BUILD_NAME }}_${{ matrix.arch }}_tag - key: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} + name: ${{ env.BASE_BUILD_NAME }}-${{ matrix.arch }}-${{ github.run_id }} - name: Pull ${{ env.BASE_BUILD_NAME }}:${{ matrix.arch }} image from local storage id: base_build @@ -440,13 +405,13 @@ jobs: echo "image_tag_id=$TAG_ID" >> "$GITHUB_OUTPUT" echo "image_tag=$IMAGE_TAG" >> "$GITHUB_OUTPUT" - - name: Cache image metadata - uses: actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + - name: Upload artifact metadata + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: path: | ${{ matrix.build }}_${{ matrix.arch }}_tag_id ${{ matrix.build }}_${{ matrix.arch }}_tag - key: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} + name: ${{ matrix.build }}-${{ matrix.arch }}-${{ github.run_id }} - name: Push image to local storage id: push_image 
@@ -550,14 +515,11 @@ jobs: echo "build_base=$build_base" >> "$GITHUB_OUTPUT" - - name: Download metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} + - name: Download artifact metadata of ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} if: ${{ matrix.build != 'snmptraps' }} - uses: actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 with: - path: | - ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag_id - ${{ steps.build_base_image.outputs.build_base }}_${{ matrix.arch }}_tag - key: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }} + name: ${{ steps.build_base_image.outputs.build_base }}-${{ matrix.arch }}-${{ github.run_id }} - name: Pull ${{ steps.build_base_image.outputs.build_base }}:${{ matrix.arch }} image id: base_build diff --git a/.github/workflows/images_build_windows.yml b/.github/workflows/images_build_windows.yml index 1ef968107..05dbef96a 100644 --- a/.github/workflows/images_build_windows.yml +++ b/.github/workflows/images_build_windows.yml @@ -71,6 +71,7 @@ jobs: with: disable-sudo: true egress-policy: block + disable-telemetry: true allowed-endpoints: > github.com:443 release-assets.githubusercontent.com:443 @@ -147,6 +148,7 @@ jobs: with: disable-sudo: true egress-policy: block + disable-telemetry: true allowed-endpoints: > aka.ms:443 api.github.com:443 
@@ -220,7 +222,7 @@ jobs: type=semver,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},pattern={{version}},suffix=-${{ steps.base_os_tag.outputs.os_tag }},prefix=${{ matrix.component }}- type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-,suffix=-latest type=ref,enable=${{ needs.init_build.outputs.current_branch != 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }}-latest,prefix=${{ matrix.component }}- - type=raw,enable=${{ (needs.init_build.outputs.current_branch != 'trunk') && (needs.init_build.outputs.is_default_branch == 'true') }},value=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-latest + type=raw,enable=${{ needs.init_build.outputs.current_branch != 'trunk' && needs.init_build.outputs.is_default_branch == 'true' }},value=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}-latest type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,prefix=${{ matrix.component }}-${{ steps.base_os_tag.outputs.os_tag }}- type=ref,enable=${{ needs.init_build.outputs.current_branch == 'trunk' }},event=branch,suffix=-${{ steps.base_os_tag.outputs.os_tag }},prefix=${{ matrix.component }}- flavor: | @@ -453,6 +455,7 @@ jobs: with: disable-sudo: true egress-policy: audit + disable-telemetry: true - name: Checkout repository uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 @@ -576,12 +579,3 @@ jobs: with: subject_name: ${{ format('{0}/{1}/{2}{3}', env.DOCKER_REGISTRY, env.DOCKER_REPOSITORY, env.IMAGES_PREFIX, matrix.component ) }} subject_digest: ${{ steps.docker_build.outputs.digest }} - - - name: Print final image digest - if: ${{ env.AUTO_PUSH_IMAGES == 'true' }} - env: - DIGEST: ${{ steps.docker_build.outputs.digest }} - run: | - echo "::group::Image digest" - echo "$Env:DIGEST" - echo "::endgroup::"
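Review bot: The step in `@@ -453,6 +455,7 @@` (the `uses:` line is outside the hunk; the inputs look like harden-runner's) sets `disable-telemetry: true` together with `egress-policy: audit`. As far as I know that option is only honoured with `egress-policy: block`, so here it is probably ignored and the line gives a false impression of what leaves the runner. The two earlier additions in this file (`@@ -71,6 +71,7 @@`, `@@ -147,6 +148,7 @@`) sit under `egress-policy: block` and are consistent. If telemetry must be off for this job too, it needs `egress-policy: block` with an `allowed-endpoints` list like the other two jobs; otherwise drop the line.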