Refactor Docker image build and push workflow

codebytes · Feb 14, 2024 · a74215f · a74215f
1 parent cb24a02
commit a74215f
Showing 1 changed file with 16 additions and 5 deletions.
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -52,26 +52,37 @@ jobs:
 
  - name: Build Docker Image
  uses: docker/build-push-action@v5
- id: build-and-push
+ id: build
  with:
  context: src/SampleApi
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
+ push: false
+ tags: ${{ env.IMAGE_NAME }}:${{ env.TAG }}
  labels: ${{ steps.meta.outputs.labels }}
  cache-from: type=gha
  cache-to: type=gha,mode=max
+
  - name: Run Trivy vulnerability scanner
  if: ${{ github.event_name != 'pull_request' }}
  uses: aquasecurity/trivy-action@master
  with:
- image-ref: ${{ fromJSON(steps.build-and-push.outputs.metadata)['image.name'] }}
+ image-ref: ${{ fromJSON(steps.build.outputs.metadata)['image.name'] }}
  format: 'github'
  github-pat: ${{ github.token }}
  env:
  TRIVY_USERNAME: Username
  TRIVY_PASSWORD: Password
 
- # Sign the resulting Docker image digest except on PRs.
+ - name: Build Docker Image
+ uses: docker/build-push-action@v5
+ id: build-and-push
+ with:
+ context: src/SampleApi
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ # Sign the resulting Docker image digest except on PRs.
  # This will only write to the public Rekor transparency log when the Docker
  # repository is public to avoid leaking data. If you would like to publish
  # transparency data even for private images, pass --force to cosign below.