fix(ci): use lowercase image name for GHCR in nightly build
GHCR stores images with lowercase names only. The SBOM action was using the mixed-case github.repository value which caused Syft to fail when trying to pull the image. Add IMAGE_NAME_LC environment variable with lowercase image name Update SBOM action, Trivy scan, and docker commands to use lowercase Applied to all jobs: build-and-push-nightly, test-nightly-image, verify-nightly-supply-chain Fixes nightly-build.yml workflow failure in "Generate SBOM" step
This commit is contained in:
GitHub Actions
17
.github/workflows/nightly-build.yml
vendored
17
.github/workflows/nightly-build.yml
vendored
@@ -39,6 +39,9 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set lowercase image name
|
||||
run: echo "IMAGE_NAME_LC=${IMAGE_NAME,,}" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up QEMU
|
||||
uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
|
||||
|
||||
@@ -84,7 +87,7 @@ jobs:
|
||||
- name: Generate SBOM
|
||||
uses: anchore/sbom-action@0b82b0b1a22399a1c542d4d656f70cd903571b5c # v0.21.1
|
||||
with:
|
||||
image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly
|
||||
image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}:nightly
|
||||
format: cyclonedx-json
|
||||
output-file: sbom-nightly.json
|
||||
|
||||
@@ -106,6 +109,9 @@ jobs:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
|
||||
- name: Set lowercase image name
|
||||
run: echo "IMAGE_NAME_LC=${IMAGE_NAME,,}" >> $GITHUB_ENV
|
||||
|
||||
- name: Log in to GitHub Container Registry
|
||||
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
|
||||
with:
|
||||
@@ -114,13 +120,13 @@ jobs:
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Pull nightly image
|
||||
run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly
|
||||
run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}:nightly
|
||||
|
||||
- name: Run container smoke test
|
||||
run: |
|
||||
docker run --name charon-nightly -d \
|
||||
-p 8080:8080 \
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly
|
||||
${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}:nightly
|
||||
|
||||
# Wait for container to start
|
||||
sleep 10
|
||||
@@ -196,6 +202,9 @@ jobs:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
|
||||
|
||||
- name: Set lowercase image name
|
||||
run: echo "IMAGE_NAME_LC=${IMAGE_NAME,,}" >> $GITHUB_ENV
|
||||
|
||||
- name: Download SBOM
|
||||
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
|
||||
with:
|
||||
@@ -211,7 +220,7 @@ jobs:
|
||||
- name: Scan with Trivy
|
||||
uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
|
||||
with:
|
||||
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:nightly
|
||||
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}:nightly
|
||||
format: 'sarif'
|
||||
output: 'trivy-nightly.sarif'
|
||||
|
||||
|
||||
Reference in New Issue
Block a user