chore(github): fix docker

Author: helmut-hoffer-von-ankershoffen

.copier-answers.yml

@@ -1,4 +1,4 @@
-_commit: v0.15.24-1-g7bf60db
+_commit: v0.15.24-2-gbd31d85
 _src_path: .
 attestations_enabled: true
 author_email: helmuthva@gmail.com

.github/workflows/_docker-publish.yml

@@ -33,66 +33,49 @@ jobs:
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
 
-      - name: Log in to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      - name: "(all target): Build and push Docker image"
+        id: build-and-push-all
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
-          username: ${{ secrets.DOCKER_IO_USERNAME }}
-          password: ${{ secrets.DOCKER_IO_PASSWORD }}
+          context: .
+          file: ./Dockerfile
+          target: all
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-all.outputs.tags }}
+          labels: ${{ steps.meta-all.outputs.labels }}
 
 
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Extract metadata for Docker
-        id: meta
-        uses: docker/metadata-action@38b8a86137171c128513e9be0b97bc476fbffcb5 # v5.6.0
-        with:
-          images: |
-            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template
-
-            ${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
-
-          flavor: |
-            latest=auto
-            prefix=
-            suffix=
-          tags: |
-            type=semver,pattern=v
-            type=semver,pattern=v.
-            type=semver,pattern=v
-
-      - name: Build and push Docker image (all)
-        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+      - name: "(slim target): Build and push Docker image"
+        id: build-and-push-slim
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
           context: .
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          file: ./Dockerfile
+          target: slim
           platforms: linux/amd64,linux/arm64
-          target: all
-          provenance: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          push: true
+          tags: ${{ steps.meta-slim.outputs.tags }}
+          labels: ${{ steps.meta-slim.outputs.labels }}
+
 
-      - name: Build and push Docker image (slim)
-        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+
+
+
+      - name: "(all target): Generate artifact attestation"
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
         with:
-          context: .
-          push: true
-          tags: |
-            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-slim:latest
-            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-slim:${{ github.ref_name }}
+          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
+          subject-digest: ${{ steps.build-and-push-all.outputs.digest }}
+          push-to-registry: true
 
-            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}:latest
-            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}:${{ github.ref_name }}
 
-          labels: ${{ steps.meta.outputs.labels }}
-          platforms: linux/amd64,linux/arm64
-          target: slim
-          provenance: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+
+
+      - name: "(slim target): Generate artifact attestation"
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}
+          subject-digest: ${{ steps.build-and-push-slim.outputs.digest }}
+          push-to-registry: true

template/.github/workflows/_docker-publish.yml.jinja

@@ -32,67 +32,50 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
-{% if docker_io_enabled %}
-      - name: Log in to Docker Hub
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          username: {% raw %}${{ secrets.DOCKER_IO_USERNAME }}{% endraw %}
-          password: {% raw %}${{ secrets.DOCKER_IO_PASSWORD }}{% endraw %}
-{% endif %}
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: ghcr.io
-          username: {% raw %}${{ github.repository_owner }}{% endraw %}
-          password: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
-
-      - name: Extract metadata for Docker
-        id: meta
-        uses: docker/metadata-action@38b8a86137171c128513e9be0b97bc476fbffcb5 # v5.6.0
-        with:
-          images: |
-            ghcr.io/{{ github_repository_owner }}/{{ github_repository_name }}
-{% if docker_io_enabled %}
-            {% raw %}${{ env.DOCKER_IO_IMAGE_NAME_ALL }}{% endraw%}
-{% endif %}
-          flavor: |
-            latest=auto
-            prefix=
-            suffix=
-          tags: |
-            type=semver,pattern={{raw}}v{{version}}{{endraw}}
-            type=semver,pattern={{raw}}v{{major}}.{{minor}}{{endraw}}
-            type=semver,pattern={{raw}}v{{major}}{{endraw}}
-
-      - name: Build and push Docker image (all)
-        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+{% raw %}
+      - name: "(all target): Build and push Docker image"
+        id: build-and-push-all
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
           context: .
-          push: true
-          tags: {% raw %}${{ steps.meta.outputs.tags }}{% endraw %}
-          labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
-          platforms: linux/amd64,linux/arm64
+          file: ./Dockerfile
           target: all
-          provenance: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta-all.outputs.tags }}
+          labels: ${{ steps.meta-all.outputs.labels }}
+{% endraw %}
 
-      - name: Build and push Docker image (slim)
-        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+{% raw %}
+      - name: "(slim target): Build and push Docker image"
+        id: build-and-push-slim
+        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
         with:
           context: .
+          file: ./Dockerfile
+          target: slim
+          platforms: linux/amd64,linux/arm64
           push: true
-          tags: |
-            ghcr.io/{{ github_repository_owner }}/{{ github_repository_name }}-slim:latest
-            ghcr.io/{{ github_repository_owner }}/{{ github_repository_name }}-slim:{% raw %}${{ github.ref_name }}{% endraw %}
+          tags: ${{ steps.meta-slim.outputs.tags }}
+          labels: ${{ steps.meta-slim.outputs.labels }}
+{% endraw %}
+
 {% if docker_io_enabled %}
-            {% raw %}${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}{% endraw %}:latest
-            {% raw %}${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}{% endraw %}:{% raw %}${{ github.ref_name }}{% endraw %}
-{% endif %}
-          labels: {% raw %}${{ steps.meta.outputs.labels }}{% endraw %}
-          platforms: linux/amd64,linux/arm64
-          target: slim
-          provenance: true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+{% if attestations_enabled %}
+{% raw %}
+      - name: "(all target): Generate artifact attestation"
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
+          subject-digest: ${{ steps.build-and-push-all.outputs.digest }}
+          push-to-registry: true{% endraw %}{% endif %}{% endif %}
+
+{% if docker_io_enabled %}
+{% if attestations_enabled %}
+{% raw %}
+      - name: "(slim target): Generate artifact attestation"
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-name: ${{ env.DOCKER_IO_REGISTRY }}/${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}
+          subject-digest: ${{ steps.build-and-push-slim.outputs.digest }}
+          push-to-registry: true{% endraw %}{% endif %}{% endif %}