@@ -35,22 +35,17 @@ jobs:
3535
3636 steps :
3737 - name : Checkout repository
38- uses : actions/checkout@v3
38+ uses : actions/checkout@v4
3939 with :
4040 submodules : recursive
41-
42- # Install the cosign tool except on PR
43- # https://github.com/sigstore/cosign-installer
44- - name : Install cosign
45- if : github.event_name != 'pull_request'
46- uses : sigstore/cosign-installer@7e0881f8fe90b25e305bbf0309761e9314607e25
47- with :
48- cosign-release : ' v1.9.0'
41+
42+ - name : Set up QEMU
43+ uses : docker/setup-qemu-action@v3
4944
5045
5146 # Workaround: https://github.com/docker/build-push-action/issues/461
5247 - name : Setup Docker buildx
53- uses : docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
48+ uses : docker/setup-buildx-action@v3
5449
5550 # Login against a Docker registry except on PR
5651 # https://github.com/docker/login-action
7772 uses : docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
7873 with :
7974 file : helpers/Dockerfile
75+ platforms : linux/amd64,linux/arm64
8076 context : .
8177 push : ${{ github.event_name != 'pull_request' }}
8278 tags : ${{ steps.meta.outputs.tags }}
8379 labels : ${{ steps.meta.outputs.labels }}
84-
85- # Sign the resulting Docker image digest except on PRs.
86- # This will only write to the public Rekor transparency log when the Docker
87- # repository is public to avoid leaking data. If you would like to publish
88- # transparency data even for private images, pass --force to cosign below.
89- # https://github.com/sigstore/cosign
90- - name : Sign the published Docker image
91- if : ${{ github.event_name != 'pull_request' }}
92- env :
93- COSIGN_EXPERIMENTAL : " true"
94- # This step uses the identity token to provision an ephemeral certificate
95- # against the sigstore community Fulcio instance.
96- run : echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
0 commit comments