Update Ghost version and add image signing step

sredevopsorg · Mar 15, 2024 · bc16265 · bc16265
1 parent 7122acf
commit bc16265
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/.github/workflows/build-custom-image.yaml b/.github/workflows/build-custom-image.yaml
@@ -17,7 +17,7 @@ on:
       ghost_version:
         description: 'Ghost version'
         required: false
-        default: '5.80.0'
+        default: '5.80.2'
         type: string
 
 jobs:
@@ -149,6 +149,17 @@ jobs:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
           DIGEST: ${{ steps.build-and-push.outputs.digest }}
 
+      - name: Sign the images with GitHub OIDC Token
+        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+        env:
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+          TAGS: ${{ steps.meta.outputs.tags }}
+        run: |
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes ${images}
       -
         name: Build pull request
         uses: docker/build-push-action@v5

diff --git a/Dockerfile b/Dockerfile
@@ -37,7 +37,7 @@ USER root
 
 # Move the original content directory to a backup location, create a new content directory, set the correct ownership and permissions, and switch back to the "node" user
 RUN mv -v $GHOST_CONTENT $GHOST_CONTENT_ORIGINAL && \
-  rm -rfv $GHOST_CONTENT_ORIGINAL && \
+  rm -rf $GHOST_CONTENT_ORIGINAL && \
   mkdir -pv $GHOST_CONTENT && \
   chown -R node:node $GHOST_INSTALL && \
   chmod 1777 $GHOST_CONTENT