From bc162656ccfa791b04b3b979b34ef084eab31a36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicol=C3=A1s=20Georger?=
Date: Fri, 15 Mar 2024 20:18:18 -0300
Subject: [PATCH] Update Ghost version and add image signing step
---
 .github/workflows/build-custom-image.yaml | 13 ++++++++++++-
 Dockerfile | 2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-custom-image.yaml b/.github/workflows/build-custom-image.yaml
index dc23867..e9daf4b 100644
--- a/.github/workflows/build-custom-image.yaml
+++ b/.github/workflows/build-custom-image.yaml
@@ -17,7 +17,7 @@ on:
 ghost_version:
 description: 'Ghost version'
 required: false
- default: '5.80.0'
+ default: '5.80.2'
 type: string
 jobs:
@@ -149,6 +149,17 @@ jobs:
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ - name: Sign the images with GitHub OIDC Token
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ env:
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ TAGS: ${{ steps.meta.outputs.tags }}
+ run: |
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+ cosign sign --yes ${images}
 - name: Build pull request
 uses: docker/build-push-action@v5
diff --git a/Dockerfile b/Dockerfile
index 4f19e13..c53e013 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,7 +37,7 @@ USER root
 # Move the original content directory to a backup location, create a new content directory, set the correct ownership and permissions, and switch back to the "node" user
 RUN mv -v $GHOST_CONTENT $GHOST_CONTENT_ORIGINAL && \
- rm -rfv $GHOST_CONTENT_ORIGINAL && \
+ rm -rf $GHOST_CONTENT_ORIGINAL && \
 mkdir -pv $GHOST_CONTENT && \
 chown -R node:node $GHOST_INSTALL && \
 chmod 1777 $GHOST_CONTENT
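Review bot: The keyless `cosign sign --yes ${images}` call in the added "Sign the images with GitHub OIDC Token" step depends on the job granting `id-token: write`. The job's `permissions:` block lies outside this hunk, so it should be confirmed; without it cosign cannot obtain the GitHub OIDC token. Because the step also runs on `workflow_dispatch`, the signing certificate records whichever ref the run was started from. I would add a comment above the step such as `# keyless signature: verify with --certificate-identity pinned to this workflow on the release ref and --certificate-oidc-issuer https://token.actions.githubusercontent.com`. A guard before the loop, `[ -n "${DIGEST}" ] || { echo "missing image digest" >&2; exit 1; }`, would keep the step from handing cosign a reference with an empty digest if the build step produced no output.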
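Review bot: The changed `rm -rf $GHOST_CONTENT_ORIGINAL` line in the Dockerfile hunk still expands the variable unquoted and unguarded. Writing it as `rm -rf "${GHOST_CONTENT_ORIGINAL:?}" && \` makes the build fail loudly if the variable is ever unset or empty, instead of silently deleting nothing. The comment above the `RUN` also says the directory is moved "to a backup location", yet this line deletes it immediately, so the comment should say the original content is discarded. The `RUN` instruction begins above the changed line and its continuation may run past the end of the hunk.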