Reorder + try fix

2024-10-11 23:07:41 +02:00 · 2024-10-11 23:07:41 +02:00 · 11d0dd18a8
commit 11d0dd18a8
parent f9ef5bf07b
1 changed files with 14 additions and 13 deletions
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@ -33,6 +33,11 @@ jobs:

      - name: Checkout
        uses: https://github.com/actions/checkout@v3
+        with:
+          fetch-depth: 1
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.7.0

      - name: Set up QEMU
        uses: https://github.com/docker/setup-qemu-action@v3
@ -42,6 +47,13 @@ jobs:
      - name: Set up Docker Buildx
        uses: https://github.com/docker/setup-buildx-action@v3

+      - name: Login to Container Registry
+        uses: https://github.com/docker/login-action@v3
+        with:
+          registry: gitea.mrdev023.fr
+          username: ${{ secrets.USERNAME }}
+          password: ${{ secrets.PASSWORD }}
+
      # Build metadata
      - name: Image Metadata
        uses: https://github.com/docker/metadata-action@v5
@ -55,13 +67,6 @@ jobs:
            org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
            org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }}

-      - name: Login to Container Registry
-        uses: https://github.com/docker/login-action@v3
-        with:
-          registry: gitea.mrdev023.fr
-          username: ${{ secrets.USERNAME }}
-          password: ${{ secrets.PASSWORD }}
-
      # Build and push image using Docker Build and Push action
      - name: Build and Push Image
        uses: https://github.com/docker/build-push-action@v5
@ -76,16 +81,12 @@ jobs:
      # using Cosign and save the private key as a repository secret in Github for this workflow
      # to consume. For more details, review the image signing section of the README.

-      # Sign container
-      - name: Install cosign
-        uses: https://github.com/sigstore/cosign-installer@v3.5.0
-        if: gitea.event_name != 'pull_request'
-
      - name: Sign container image
        if: gitea.event_name != 'pull_request'
        run: |
-          cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
+          cosign sign -y --key env://COSIGN_PRIVATE_KEY gitea.mrdev023.fr/florian.richer/${{ env.MY_IMAGE_NAME }}:latest
        env:
          TAGS: ${{ steps.push.outputs.digest }}
          COSIGN_EXPERIMENTAL: false
          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+          COSIGN_PASSWORD: ""