From 2c7b1f1d36f0f5499182676b504ede71796d0083 Mon Sep 17 00:00:00 2001 From: Nicolas Duchon Date: Fri, 17 May 2024 12:43:42 +0200 Subject: [PATCH] ci: attempt to fix DCT key --- .github/workflows/build-publish-signed.yml | 25 +++++++++++++--------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-publish-signed.yml b/.github/workflows/build-publish-signed.yml index 7bb8c0e..b658a1e 100644 --- a/.github/workflows/build-publish-signed.yml +++ b/.github/workflows/build-publish-signed.yml @@ -21,21 +21,24 @@ jobs: with: fetch-depth: 0 - - name: Load DCT delegation key - env: - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }} - DCT_KEY_BASE64: ${{ secrets.DCT_KEY_BASE64 }} - run: | - echo "$DCT_KEY_BASE64" | base64 -d > delegation.key - chmod 600 delegation.key - docker trust key load delegation.key --name gha - - name: Login to DockerHub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Load DCT delegation key + env: + DOCKER_CONTENT_TRUST: 1 + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DCT_KEY_PASSPHRASE }} + DCT_KEY_PATH: ~/.docker/trust/private/${{ vars.DCT_KEY_ID }}.key + run: | + mkdir -p ~/.docker/trust/private + chmod -R 700 ~/.docker/trust + echo "${{ secrets.DCT_KEY }}" > "$DCT_KEY_PATH" + chmod 600 "$DCT_KEY_PATH" + docker trust key load "$DCT_KEY_PATH" + - name: Build the image run: docker build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} . @@ -50,4 +53,6 @@ jobs: docker trust inspect --pretty ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} - name: Remove DCT delegation key - run: rm delegation.key + if: always() + run: | + rm -rf ~/.docker/trust/private
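Review bot: In the new "Load DCT delegation key" step, `DCT_KEY_PATH` is set to a `~/...` string in `env:` and then used as `> "$DCT_KEY_PATH"`; on the bash shell that hosted Linux runners use by default, tilde expansion does not happen inside a double-quoted variable expansion, so the redirect targets a literal `./~/.docker/trust/private/<id>.key` (a directory the unquoted `mkdir -p ~/...` above did not create) and the step fails before `docker trust key load` runs. Separately, `echo "${{ secrets.DCT_KEY }}"` pastes the secret text into the script before the shell parses it, which the removed version avoided by passing the key material through `env:`; keep that pattern, build the path from `$HOME` in the script, and write with `printf '%s\n'` rather than `echo` so the key contents are never interpreted by the shell. The enclosing `steps:` list starts outside the hunk; the second hunk's `if: always()` cleanup is fine as written.

```yaml
      - name: Load DCT delegation key
        env:
          # … unchanged: DOCKER_CONTENT_TRUST and DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE …
          DCT_KEY_ID: ${{ vars.DCT_KEY_ID }}
          DCT_KEY: ${{ secrets.DCT_KEY }}
        run: |
          key_path="$HOME/.docker/trust/private/${DCT_KEY_ID}.key"
          mkdir -p "$HOME/.docker/trust/private"
          chmod -R 700 "$HOME/.docker/trust"
          printf '%s\n' "$DCT_KEY" > "$key_path"
          chmod 600 "$key_path"
          docker trust key load "$key_path"
```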