adds provenance: false
docker/buildx#1533

our ecr repository has multiple shards of different images and it's hard
to tell when vulnerability scans are accurate or not when the images are
in multiple pieces like they are now.

also bumps other action versions to more current versions
gabeio committed Feb 21, 2024
1 parent 742ac95 commit bf3a8d8
Showing 2 changed files with 14 additions and 12 deletions.
13 changes: 7 additions & 6 deletions .github/workflows/production.yml
@@ -15,15 +15,15 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3

-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2

-
name: Cache Docker layers
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ secrets.CACHE_KEY }}-${{ github.sha }}
@@ -40,15 +40,15 @@ jobs:

-
name: Login to ECR
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

-
name: Login to ECR
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_2 }}.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -57,8 +57,9 @@ jobs:
-
name: Build and push container
id: docker_build
uses: docker/build-push-action@v2
uses: docker/build-push-action@v4
with:
provenance: false
push: true
context: ./customize
build-args: |
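Review bot: `provenance: false` in the "Build and push container" step switches off the build provenance attestation that buildx would otherwise attach to the pushed image by default, and nothing in the workflow itself records why. The commit message has the reason (the ECR repository shows the image in multiple pieces and scan results become hard to trust, docker/buildx#1533), so it belongs next to the setting, e.g. `# provenance off: attestation manifests appear as separate images in ECR and skew scan results (docker/buildx#1533)`. Anyone who wants to verify how and where these images were built loses that signal, so it is worth confirming that no deploy-time policy relies on it and revisiting the setting once the registry and scanner handle attestation manifests. The same applies to the identical hunk in .github/workflows/staging.yml; the step's `with:` block continues past the end of this hunk.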
13 changes: 7 additions & 6 deletions .github/workflows/staging.yml
@@ -15,15 +15,15 @@ jobs:
steps:
-
name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3

-
name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2

-
name: Cache Docker layers
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ secrets.CACHE_KEY }}-${{ github.sha }}
@@ -40,15 +40,15 @@ jobs:

-
name: Login to ECR
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

-
name: Login to ECR
uses: docker/login-action@v1
uses: docker/login-action@v2
with:
registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION_2 }}.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -57,8 +57,9 @@ jobs:
-
name: Build and push container
id: docker_build
uses: docker/build-push-action@v2
uses: docker/build-push-action@v4
with:
provenance: false
push: true
context: ./customize
build-args: |
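Review bot: Every `uses:` line touched here still points at a movable major tag (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v4`), in a job that is handed `secrets.AWS_ACCESS_KEY_ID` and `secrets.AWS_SECRET_ACCESS_KEY`. A tag can be repointed by whoever controls the action's repository, so the code that runs with those credentials can change without any commit in this repository. Since these lines are being edited anyway, pin each action to the full commit SHA of the release that was reviewed and keep the tag as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v4`. The same lines appear in .github/workflows/production.yml.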
