From 4ff549caa31e3ad5b647b429220bcfd0fa333205 Mon Sep 17 00:00:00 2001
From: Leonardo Rodrigues de Mello
Date: Thu, 15 Feb 2024 11:08:42 -0500
Subject: [PATCH] Configure OS security updates Configure OS security updates forcing docker to not use cache when building from schedule and tags.
Signed-off-by: Leonardo Rodrigues de Mello
---
 .github/workflows/docker-buid-publish.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-buid-publish.yml b/.github/workflows/docker-buid-publish.yml
index e8db2f7..8c9cd03 100644
--- a/.github/workflows/docker-buid-publish.yml
+++ b/.github/workflows/docker-buid-publish.yml
@@ -71,8 +71,9 @@ jobs:
 # Build and push Docker image with Buildx (don't push on PR)
 # https://github.com/docker/build-push-action
- - name: Build and push Docker image
+ - name: Build and push Docker image with cache
 id: build-and-push
+ if: github.event_name != 'schedule' || startsWith(github.ref, 'refs/tags/v') != true
 uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
 with:
 context: .
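Review bot: The `if:` added to the cached step here and the one on the new no-cache step in the second hunk together make the no-cache build unreachable. A `schedule` run executes against the default branch, so `github.event_name == 'schedule' && startsWith(github.ref, 'refs/tags/v') == true` can never hold, and the condition added here is its exact negation and therefore always true. Every build still goes through the GitHub Actions cache, so scheduled and tag builds will not pick up refreshed OS packages as the commit message intends. The intended split is probably `if: github.event_name != 'schedule' && !startsWith(github.ref, 'refs/tags/v')` on this step and `if: github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/v')` on the no-cache step. The step's `with:` block continues outside this hunk.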
@@ -81,7 +82,20 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
-
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push without cache
+ id: build-and-push-nocache
+ if: github.event_name == 'schedule' && startsWith(github.ref, 'refs/tags/v') == true
+ uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ no-cache-filters: build
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
 # Sign the resulting Docker image digest except on PRs.
 # This will only write to the public Rekor transparency log when the Docker
 # repository is public to avoid leaking data. If you would like to publish
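Review bot: Giving the duplicated step the new id `build-and-push-nocache` means any later step that reads `steps.build-and-push.outputs.digest` receives an empty value whenever this step is the one that ran. The signing step whose comment closes this hunk lies outside it, so confirm what it references; an empty digest there would fail the job or leave the scheduled and release images unsigned. Folding the behaviour into the existing step avoids both the copied block and the id split, for example `no-cache: ${{ github.event_name == 'schedule' || startsWith(github.ref, 'refs/tags/v') }}` together with `pull: true`. As written, `no-cache-filters: build` only bypasses the cache for a stage named `build` (the Dockerfile is not shown) and does not force the base image to be re-pulled, so a patched base layer may still be missed.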