From d2a90bd453f83c3a7a1b1963a5862dd2e8d45b46 Mon Sep 17 00:00:00 2001
From: Jonas Arneberg Saltvik
Date: Sat, 25 Apr 2026 14:18:19 +0200
Subject: [PATCH 01/13] Add image metadata composite action
---
.github/actions/image-metadata/README.md | 52 +++++++
.github/actions/image-metadata/action.yml | 129 ++++++++++++++++++
.../ci-docker-build-publish-image.yml | 33 ++---
...docker-build-publish-integrasjonspunkt.yml | 23 ++--
...ci-docker-build-scan-integrasjonspunkt.yml | 42 ++----
.../ci-quarkus-build-publish-image.yml | 13 +-
.../ci-spring-boot-build-publish-image.yml | 46 ++-----
.../ci-spring-boot-container-scan.yml | 20 ++-
8 files changed, 250 insertions(+), 108 deletions(-)
create mode 100644 .github/actions/image-metadata/README.md
create mode 100644 .github/actions/image-metadata/action.yml
diff --git a/.github/actions/image-metadata/README.md b/.github/actions/image-metadata/README.md
new file mode 100644
index 00000000..eb1c46f8
--- /dev/null
+++ b/.github/actions/image-metadata/README.md
@@ -0,0 +1,52 @@ +# GitHub Action: Image metadata + +Author: **Digdir Platform Team** + +## Description + +This composite action generates Docker image metadata for workflows that need a consistent image name and tag. + +It supports: + +- custom image tags via `image-tag` +- package-version-based tags via `package-version` +- explicit version strings via `version` +- snapshot stripping when building from `main` or tag refs +- auto-generated tags when no explicit tag is provided +- container registry selection via `container-registry` or `registry-url` +- automatic image-name fallback to the current repository name + +## Inputs + +| Input | Description | Required | Default | +| :---- | :---------- | :------- | :------ | +| `image-name` | Docker image name without registry. Defaults to repository name if unset. | false | `""` | +| `container-registry` | Container registry host (e.g. `creiddev.azurecr.io`, `ghcr.io`). | false | `""` | +| `registry-url` | Alternate registry URL if `container-registry` is not provided. | false | `""` | +| `image-tag` | Custom image tag. Overrides auto-generation. | false | `""` | +| `package-version` | Use package version as image tag when provided. | false | `""` | +| `version` | Use explicit version string as image tag when provided. | false | `""` || `version-pom-path` | Evaluate Maven `pom.xml` to derive the version when no explicit tag is provided. | false | `` || `strip-snapshot` | Strip `-SNAPSHOT` from version when building from `main` or tag refs. | false | `false` | +| `auto-generate-tag` | Generate a tag from the date and SHA when no explicit tag is provided. | false | `true` | + +## Outputs + +| Output | Description | +| :----- | :---------- | +| `image-name` | Fully qualified image name including registry. | +| `image-tag` | Image tag. 
| + +## Example usage + +```yaml +steps: + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: my-app + container-registry: creiddev.azurecr.io +``` + +## How it works + +The action validates registry and image-name inputs, chooses the best available tag source, and writes both values to outputs for later build, scan, and publishing steps. diff --git a/.github/actions/image-metadata/action.yml b/.github/actions/image-metadata/action.yml new file mode 100644 index 00000000..51927ef6 --- /dev/null +++ b/.github/actions/image-metadata/action.yml 
@@ -0,0 +1,129 @@ +name: Image metadata +description: Composite action for generating container image metadata +author: Digdir Platform Team + +inputs: + image-name: + description: Container image name without registry. If unset, the repository name is used. + default: "" + required: false + container-registry: + description: Container registry host (e.g. creiddev.azurecr.io or ghcr.io). + default: "" + required: false + registry-url: + description: Alternate registry URL if container-registry is not provided. + default: "" + required: false + image-tag: + description: Custom image tag. If set, this is used instead of auto-generation. + default: "" + required: false + package-version: + description: Package version used as image tag when provided. + default: "" + required: false + version: + description: Version string used as image tag when provided. + default: "" + required: false + version-pom-path: + description: Maven pom.xml path used to derive image tag when version is not provided. + default: "" + required: false + strip-snapshot: + description: Strip '-SNAPSHOT' from version when building from main or tag refs. + default: "false" + required: false + auto-generate-tag: + description: Whether an image tag should be auto-generated when no explicit tag is provided. 
+ default: "true" + required: false + +outputs: + image-name: + description: The fully qualified image name + value: ${{ steps.image-metadata.outputs.image-name }} + image-tag: + description: The image tag + value: ${{ steps.image-metadata.outputs.image-tag }} + +runs: + using: composite + steps: + - name: Start image metadata + shell: bash + run: | + echo "### Image metadata" >> "$GITHUB_STEP_SUMMARY" + + - name: Determine image name + shell: bash + env: + REPOSITORY_NAME: ${{ env.REPOSITORY_NAME }} + run: | + registry="${{ inputs.container-registry }}" + if [ -z "$registry" ]; then + registry="${{ inputs.registry-url }}" + fi + + if [ -z "$registry" ]; then + echo "::error:: Missing container-registry or registry-url input." + echo "> [!WARNING]" + echo "> **Input validation failed:** You must provide either container-registry or registry-url." >> "$GITHUB_STEP_SUMMARY" + exit 1 + fi + + image_name="${{ inputs.image-name }}" + if [ -z "$image_name" ]; then + if [ -n "$REPOSITORY_NAME" ]; then + image_name="$REPOSITORY_NAME" + else + image_name="${{ github.event.repository.name }}" + fi + fi + + if [ "$registry" = "ghcr.io" ]; then + image_name="$registry/${{ github.repository_owner }}/$image_name" + else + image_name="$registry/$image_name" + fi + + echo "image-name=$image_name" >> "$GITHUB_OUTPUT" + echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" + + - name: Determine image tag + shell: bash + run: | + if [ -n "${{ inputs.image-tag }}" ]; then + image_tag="${{ inputs.image-tag }}" + echo "- Using custom image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + elif [ -n "${{ inputs.package-version }}" ]; then + image_tag="${{ inputs.package-version }}" + echo "- Using package version as image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + elif [ -n "${{ inputs.version }}" ]; then + image_tag="${{ inputs.version }}" + echo "- Using provided version as image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + elif [ -n "${{ inputs.version-pom-path }}" ]; then + 
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout -f "${{ inputs.version-pom-path }}" 2>/dev/null || true) + if [ -n "$VERSION" ] && [ "$VERSION" != "null" ]; then + image_tag="$VERSION" + if [[ "${{ inputs.strip-snapshot }}" == "true" ]] && ([[ "$GITHUB_REF" == "refs/heads/main" ]] || [[ "$GITHUB_REF" =~ ^refs/tags/ ]]); then + image_tag="${image_tag/-SNAPSHOT/}" + fi + echo "- Using Maven version as image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + else + image_tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8} + echo "- Fallback auto-generated image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + fi + elif [[ "${{ inputs.auto-generate-tag }}" == "true" ]]; then + image_tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8} + echo "- Auto-generated image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + else + echo "::error:: No image tag available. Provide image-tag, package-version, version, or allow auto-generate-tag." + echo "> [!WARNING]" + echo "> **Input validation failed:** No image tag was provided and auto-generate-tag is disabled." >> "$GITHUB_STEP_SUMMARY" + exit 1 + fi + + echo "image-tag=$image_tag" >> "$GITHUB_OUTPUT" + echo "- Image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" diff --git a/.github/workflows/ci-docker-build-publish-image.yml b/.github/workflows/ci-docker-build-publish-image.yml index c5e2de35..b850e291 100644 --- a/.github/workflows/ci-docker-build-publish-image.yml +++ b/.github/workflows/ci-docker-build-publish-image.yml @@ -92,7 +92,7 @@ jobs: runs-on: ubuntu-latest outputs: - image-tag: ${{ steps.set-image-tag.outputs.image-tag }} + image-tag: ${{ steps.image-metadata.outputs.image-tag }} image-digest: ${{ steps.set-image-digest.outputs.image-digest }} permissions: 
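Review bot: The `outputs` block of action.yml reads `steps.image-metadata.outputs.*`, but none of the three steps under `runs.steps` declares an `id`, so as written both action outputs would come back empty to every caller; unless a later patch in the series adds them, give the two writer steps their own ids and point each output at the step that writes it. The `run` scripts also paste `${{ inputs.* }}` and `${{ github.event.repository.name }}` directly into bash, where the value is parsed as script text rather than data; map them through `env:` and read quoted shell variables instead, as sketched below. In both error branches `echo "> [!WARNING]"` lacks the `>> "$GITHUB_STEP_SUMMARY"` redirect, so the summary callout loses its heading line.

```yaml
outputs:
  image-name:
    description: The fully qualified image name
    value: ${{ steps.image-name.outputs.image-name }}
  image-tag:
    description: The image tag
    value: ${{ steps.image-tag.outputs.image-tag }}

# … unchanged: runs.using, "Start image metadata" step …
    - name: Determine image name
      id: image-name
      shell: bash
      env:
        CONTAINER_REGISTRY: ${{ inputs.container-registry }}
        REGISTRY_URL: ${{ inputs.registry-url }}
        IMAGE_NAME: ${{ inputs.image-name }}
        EVENT_REPOSITORY_NAME: ${{ github.event.repository.name }}
        REPOSITORY_NAME: ${{ env.REPOSITORY_NAME }}
      run: |
        registry="${CONTAINER_REGISTRY:-$REGISTRY_URL}"
        # … unchanged: empty-registry check …
        image_name="${IMAGE_NAME:-${REPOSITORY_NAME:-$EVENT_REPOSITORY_NAME}}"
        # … unchanged: ghcr.io owner prefix, output and summary writes …

    - name: Determine image tag
      id: image-tag
      shell: bash
      env:
        IMAGE_TAG: ${{ inputs.image-tag }}
        PACKAGE_VERSION: ${{ inputs.package-version }}
        VERSION_INPUT: ${{ inputs.version }}
        VERSION_POM_PATH: ${{ inputs.version-pom-path }}
        STRIP_SNAPSHOT: ${{ inputs.strip-snapshot }}
        AUTO_GENERATE_TAG: ${{ inputs.auto-generate-tag }}
      run: |
        if [ -n "$IMAGE_TAG" ]; then
          image_tag="$IMAGE_TAG"
        # … unchanged: remaining branches, reading the variables above instead of ${{ inputs.* }} …
```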
@@ -100,19 +100,12 @@ jobs: contents: write steps: - - name: Set image tag - id: set-image-tag - run: | - image_tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8} - echo "image-tag=$image_tag" >> "$GITHUB_OUTPUT" - echo "- Image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - - - name: Set image name - id: set-image-name - run: | - image_name=${{ inputs.container-registry }}/${{ inputs.image-name || github.event.repository.name }} - echo "image-name=$image_name" >> "$GITHUB_OUTPUT" - echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + container-registry: ${{ inputs.container-registry }} - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 
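Review bot: The new `uses: felleslosninger/github-workflows/.github/actions/image-metadata@main` step follows a moving branch, while the checkout step right below it is pinned to a commit SHA. This action now decides the name and tag that a job holding `contents: write` builds, pushes and signs, so a caller that pins this reusable workflow to a tag or SHA would still get whatever metadata logic `main` carries at run time. Consider pinning it the way checkout is pinned, `image-metadata@<commit-sha> # pin@<version>`, here and at the other `image-metadata@main` steps added in this series. The existing `trivy-scan@main` reference shows the same pattern, so this may be a deliberate convention worth stating in the README.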
@@ -120,15 +113,15 @@ jobs: - name: Build image run: | if [ "${{ inputs.add-git-package-token }}" = "true" ]; then - docker build --tag ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} --file docker/Dockerfile --build-arg GIT_PACKAGE_TOKEN=${{ secrets.GITHUB_TOKEN }} . + docker build --tag ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} --file docker/Dockerfile --build-arg GIT_PACKAGE_TOKEN=${{ secrets.GITHUB_TOKEN }} . else - docker build --tag ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} --file ${{ inputs.application-path }}/Dockerfile . + docker build --tag ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} --file ${{ inputs.application-path }}/Dockerfile . fi - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + image-ref: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} application-path: ${{ inputs.application-path }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} 
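Review bot: The first rewritten `docker build` line still passes `--build-arg GIT_PACKAGE_TOKEN=${{ secrets.GITHUB_TOKEN }}`, and build arguments are recorded in the image's build history, so the token may be readable from the pushed image unless the Dockerfile confines it to a discarded stage (not visible here). Since the line is being touched anyway, consider a BuildKit secret mount: put the token in the step's `env:` and pass `--secret id=git_package_token,env=GIT_PACKAGE_TOKEN`, with `RUN --mount=type=secret,id=git_package_token` in the Dockerfile. The integrasjonspunkt build steps later in this patch do the same with `secrets.GH_PACKAGES_READ_PAT`, a personal access token that typically outlives the job.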
@@ -152,13 +145,13 @@ jobs: ACR_NAME: ${{ inputs.container-registry }} - name: "Push image" - run: docker push ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + run: docker push ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} - name: Set image digest id: set-image-digest run: | image_digest=$(docker inspect \ - --format='{{.RepoDigests}}' ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} \ + --format='{{.RepoDigests}}' ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ | cut -d '@' -f 2 \ | cut -d ']' -f 1) echo "image-digest=$image_digest" >> "$GITHUB_OUTPUT" @@ -178,7 +171,7 @@ jobs: if: ${{ inputs.image-signing == true }} uses: felleslosninger/github-workflows/.github/actions/image-signing@main with: - image: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + image: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} notify-on-errors: runs-on: ubuntu-latest diff --git a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml index 0c120f5c..e282a570 100644 --- a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml 
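Review bot: The `image-signing` step is still handed `name:tag` although `set-image-digest` has already resolved the pushed digest; a tag can be re-pointed between push and sign, so the signed reference is not guaranteed to be the image that was scanned. Whether the signing action resolves the tag to a digest internally is not visible in this patch. If it signs the reference as given, pass the digest form instead: `image: "${{ steps.image-metadata.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}"`. The same applies to the signing steps in the integrasjonspunkt, Spring Boot and Quarkus publish workflows changed in this series.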
@@ -133,17 +133,18 @@ jobs: run: | mvn -B clean package -DskipTests -pl integrasjonspunkt -am - - name: Set image name - id: set-image-name - run: | - image_name=${{ inputs.registry-url }}/${{ inputs.image-name || github.event.repository.name }} - echo "image-name=$image_name" >> "$GITHUB_OUTPUT" - echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + registry-url: ${{ inputs.registry-url }} + package-version: ${{ inputs.package-version }} - name: Build image run: | docker build \ - --tag ${{ steps.set-image-name.outputs.image-name }}:${{ inputs.package-version }} \ + --tag ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ --file ${{ inputs.application-path }}/docker/Dockerfile \ --build-arg GIT_PACKAGE_TOKEN=${{ secrets.GH_PACKAGES_READ_PAT }} \ --build-arg GIT_PACKAGE_USERNAME=${{ secrets.GH_PACKAGES_READ_USER }} \ @@ -152,7 +153,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ inputs.package-version }} + image-ref: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} application-path: ${{ inputs.application-path }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} 
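Review bot: Routing the tag through the action changes what happens when `package-version` is empty (its declaration is outside the hunk): the old steps used `inputs.package-version` directly, while the action falls through to `auto-generate-tag`, which defaults to `"true"`, and this publish job would push a date-and-SHA tag instead of a release version. Add `auto-generate-tag: "false"` to the `with:` block so a missing version fails the job rather than publishing under an unexpected tag. Patch 02 also keeps the SBOM step's `version: ${{ inputs.package-version }}`, so the SBOM version and the pushed tag can diverge in that case; `version: ${{ steps.image-metadata.outputs.image-tag }}` would keep them aligned.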
@@ -171,13 +172,13 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: "Push image" - run: docker push ${{ steps.set-image-name.outputs.image-name }}:${{ inputs.package-version }} + run: docker push ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} - name: Set image digest id: set-image-digest run: | image_digest=$(docker inspect \ - --format='{{.RepoDigests}}' ${{ steps.set-image-name.outputs.image-name }}:${{ inputs.package-version }} \ + --format='{{.RepoDigests}}' ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ | cut -d '@' -f 2 \ | cut -d ']' -f 1) echo "image-digest=$image_digest" >> "$GITHUB_OUTPUT" @@ -197,7 +198,7 @@ jobs: if: ${{ inputs.image-signing == true }} uses: felleslosninger/github-workflows/.github/actions/image-signing@main with: - image: ${{ steps.set-image-name.outputs.image-name }}:${{ inputs.package-version }} + image: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} notify-on-errors: runs-on: ubuntu-latest diff --git a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml index 467a127f..ebbdb9e1 100644 --- a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml @@ -100,7 +100,7 @@ jobs: TRIVY_OFFLINE_SCAN: ${{ inputs.container-scan-offline-mode }} outputs: - image-tag: ${{ steps.set-image-tag.outputs.image-tag }} + image-tag: ${{ steps.image-metadata.outputs.image-tag }} permissions: id-token: write 
@@ -117,39 +117,19 @@ jobs: distribution: "${{ inputs.java-distribution }}" java-version: ${{ inputs.java-version }} - - name: Set image tag from pom.xml - id: set-image-tag - run: | - # Extract version from pom.xml - VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout -f ${{ inputs.application-path }}/pom.xml) - - if [ -n "$VERSION" ] && [ "$VERSION" != "null" ]; then - # Use the version from pom.xml - image_tag="${VERSION}" - - # Remove -SNAPSHOT if present for production builds - if [[ "${{ github.ref }}" == "refs/heads/main" || "${{ github.ref }}" =~ ^refs/tags/ ]]; then - image_tag=${image_tag/-SNAPSHOT/} - fi - else - # Fallback to date-based tag if version not found - image_tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8} - fi - - echo "image-tag=$image_tag" >> "$GITHUB_OUTPUT" - echo "- Image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - - - name: Set image name - id: set-image-name - run: | - image_name=${{ inputs.registry-url }}/${{ inputs.image-name || github.event.repository.name }} - echo "image-name=$image_name" >> "$GITHUB_OUTPUT" - echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + registry-url: ${{ inputs.registry-url }} + version-pom-path: ${{ inputs.application-path }}/pom.xml + strip-snapshot: true - name: Build image run: | docker build \ - --tag ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} \ + --tag ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ --file ${{ inputs.application-path }}/docker/Dockerfile \ --build-arg GIT_PACKAGE_TOKEN=${{ secrets.GH_PACKAGES_READ_PAT }} \ --build-arg GIT_PACKAGE_USERNAME=${{ secrets.GH_PACKAGES_READ_USER }} \ 
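Review bot: Replacing the inline pom evaluation with `version-pom-path` changes failure behaviour. The removed step ran `mvn help:evaluate` without suppressing errors and would normally stop the job on a Maven failure, whereas the action added in this patch appends `2>/dev/null || true` and quietly falls back to a date-based tag. A pom that cannot be evaluated then produces an unexpected tag with nothing in the log to explain it. In the action's fallback branch, consider dropping `2>/dev/null` or emitting `echo "::warning::Could not read project.version from pom; using date-based tag"` so the substitution is visible.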
@@ -158,7 +138,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + image-ref: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} application-path: ${{ inputs.application-path }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index 09a3d5af..cd9dfecb 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml @@ -125,12 +125,17 @@ jobs: contents: write steps: - - name: Set imagetag as env variable - run: echo "IMAGETAG=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8}" >> "$GITHUB_ENV" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + container-registry: ${{ inputs.container-registry }} - - name: Set IMAGE-NAME env variable + - name: Set image env variables run: | - echo "IMAGE-NAME=${{ inputs.container-registry }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" + echo "IMAGETAG=${{ steps.image-metadata.outputs.image-tag }}" >> "$GITHUB_ENV" + echo "IMAGE-NAME=${{ steps.image-metadata.outputs.image-name }}" >> "$GITHUB_ENV" - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index 4c9686bc..aff8230b 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml 
@@ -124,7 +124,7 @@ jobs: build-publish-image: runs-on: ubuntu-latest outputs: - image-tag: ${{ steps.set-image-tag.outputs.image-tag }} + image-tag: ${{ steps.image-metadata.outputs.image-tag }} image-digest: ${{ steps.set-image-digest.outputs.image-digest }} permissions: @@ -133,29 +133,13 @@ jobs: packages: write steps: - - name: Set image tag - id: set-image-tag - run: | - if [ -n "${{ inputs.image-tag }}" ]; then - image_tag="${{ inputs.image-tag }}" - echo "- Using custom image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - else - image_tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8} - echo "- Using auto-generated tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - fi - echo "image-tag=$image_tag" >> "$GITHUB_OUTPUT" - echo "- Image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - - - name: Set image name - id: set-image-name - run: | - if [[ "${{ inputs.container-registry }}" == "ghcr.io" ]]; then - image_name=${{ inputs.container-registry }}/${{ github.repository_owner }}/${{ inputs.image-name || github.event.repository.name }} - else - image_name=${{ inputs.container-registry }}/${{ inputs.image-name || github.event.repository.name }} - fi - echo "image-name=$image_name" >> "$GITHUB_OUTPUT" - echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + container-registry: ${{ inputs.container-registry }} + image-tag: ${{ inputs.image-tag }} - name: Checkout repository uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 
@@ -177,7 +161,7 @@ jobs: MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} run: | if [ "${{ inputs.update-versions }}" == "true" ]; then - mvn versions:set -B -DnewVersion="${{ steps.set-image-tag.outputs.image-tag }}" + mvn versions:set -B -DnewVersion="${{ steps.image-metadata.outputs.image-tag }}" echo "- \`mvn versions\` was executed" >> "$GITHUB_STEP_SUMMARY" else echo "- \`mvn versions\` was not executed" >> "$GITHUB_STEP_SUMMARY" @@ -191,7 +175,7 @@ jobs: run: | mvn install -B spring-boot:build-image \ -pl ${{ inputs.module-name }} -am \ - -Dspring-boot.build-image.imageName=${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} \ + -Dspring-boot.build-image.imageName=${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} \ -Dspring-boot.build-image.createdDate=now @@ -203,14 +187,14 @@ jobs: run: | mvn -B spring-boot:build-image \ --file ${{ inputs.application-path }}pom.xml \ - -Dspring-boot.build-image.imageName=${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} \ + -Dspring-boot.build-image.imageName=${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} \ -Dspring-boot.build-image.createdDate=now - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + image-ref: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} application-path: ${{ inputs.application-path }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} 
@@ -245,13 +229,13 @@ jobs: ACR_NAME: ${{ inputs.container-registry }} - name: Push image - run: docker push ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + run: docker push ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} - name: Set image digest id: set-image-digest run: | image_digest=$(docker inspect \ - --format='{{.RepoDigests}}' ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} \ + --format='{{.RepoDigests}}' ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ | cut -d '@' -f 2 \ | cut -d ']' -f 1) echo "image-digest=$image_digest" >> "$GITHUB_OUTPUT" @@ -271,7 +255,7 @@ jobs: if: ${{ inputs.image-signing == true }} uses: felleslosninger/github-workflows/.github/actions/image-signing@main with: - image: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + image: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} notify-on-errors: runs-on: ubuntu-latest diff --git a/.github/workflows/ci-spring-boot-container-scan.yml b/.github/workflows/ci-spring-boot-container-scan.yml index 1320e901..1d005091 100644 --- a/.github/workflows/ci-spring-boot-container-scan.yml +++ b/.github/workflows/ci-spring-boot-container-scan.yml 
@@ -92,14 +92,12 @@ jobs: DOCKLE_HOST: "unix:///var/run/docker.sock" TRIVY_OFFLINE_SCAN: ${{ inputs.container-scan-offline-mode }} steps: - - name: Set image tag - id: set-image-tag - run: echo "image-tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8}" >> "$GITHUB_OUTPUT" - - - name: Set image name - id: set-image-name - run: | - echo "image-name=${{ inputs.registry-url }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_OUTPUT" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + registry-url: ${{ inputs.registry-url }} - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 
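Review bot: The removed step fell back to `env.REPOSITORY-NAME`, but the action only reads `env.REPOSITORY_NAME` (underscore) before using `github.event.repository.name`, so this workflow's own fallback variable is no longer consulted. If `REPOSITORY-NAME` is set to anything other than the event's repository name (its definition is outside the hunk), the scanned image name changes silently. Either pass it explicitly with `image-name: ${{ inputs.image-name || env.REPOSITORY-NAME }}`, or note in the action's README that the hyphenated variable is not read. The Quarkus workflow hunk earlier in this patch replaces the same fallback.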
@@ -120,19 +118,19 @@ jobs: env: MAVEN_USER: ${{ secrets.MAVEN_USER }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - run: mvn install -DskipTests -B spring-boot:build-image -pl ${{ inputs.module-name }} -am -Dspring-boot.build-image.imageName=${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} + run: mvn install -DskipTests -B spring-boot:build-image -pl ${{ inputs.module-name }} -am -Dspring-boot.build-image.imageName=${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} - name: Build image with Maven (application-path, skips tests) if: inputs.module-name == '' env: MAVEN_USER: ${{ secrets.MAVEN_USER }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - run: mvn -DskipTests -B spring-boot:build-image --file ${{ inputs.application-path }}pom.xml -Dspring-boot.build-image.imageName=${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} + run: mvn -DskipTests -B spring-boot:build-image --file ${{ inputs.application-path }}pom.xml -Dspring-boot.build-image.imageName=${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} -Dspring-boot.build-image.builder=paketobuildpacks/${{ inputs.image-pack }}:${{ inputs.image-pack-tag }} - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{ steps.set-image-name.outputs.image-name }}:${{ steps.set-image-tag.outputs.image-tag }} + image-ref: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} application-path: ${{ inputs.application-path }} 
library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} From a716eb3dd1ccfb384d3b59a1ef4a5433a193ad30 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 13:42:08 +0200 Subject: [PATCH 02/13] Fix image metadata output use after SBOM composite migration --- .github/workflows/ci-docker-build-publish-image.yml | 6 +++--- .../workflows/ci-docker-build-publish-integrasjonspunkt.yml | 4 ++-- .github/workflows/ci-spring-boot-build-publish-image.yml | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-docker-build-publish-image.yml b/.github/workflows/ci-docker-build-publish-image.yml index b850e291..5351f311 100644 --- a/.github/workflows/ci-docker-build-publish-image.yml +++ b/.github/workflows/ci-docker-build-publish-image.yml @@ -161,9 +161,9 @@ jobs: uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: image - artifact-id: ${{ steps.set-image-name.outputs.image-name }} - image-ref: "${{ steps.set-image-name.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}" - version: ${{ steps.set-image-tag.outputs.image-tag }} + artifact-id: ${{ steps.image-metadata.outputs.image-name }} + image-ref: "${{ steps.image-metadata.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}" + version: ${{ steps.image-metadata.outputs.image-tag }} # This is already done in Trivy vuln scan step skip-setup: true diff --git a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml index e282a570..273f6d36 100644 --- a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml 
@@ -188,8 +188,8 @@ jobs: uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: image - artifact-id: ${{ steps.set-image-name.outputs.image-name }} - image-ref: "${{ steps.set-image-name.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}" + artifact-id: ${{ steps.image-metadata.outputs.image-name }} + image-ref: "${{ steps.image-metadata.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}" version: ${{ inputs.package-version }} # This is already done in Trivy vuln scan step skip-setup: true diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index aff8230b..d210f2a4 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml @@ -245,9 +245,9 @@ jobs: uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: image - artifact-id: ${{ steps.set-image-name.outputs.image-name }} - image-ref: "${{ steps.set-image-name.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}" - version: ${{ steps.set-image-tag.outputs.image-tag }} + artifact-id: ${{ steps.image-metadata.outputs.image-name }} + image-ref: "${{ steps.image-metadata.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}" + version: ${{ steps.image-metadata.outputs.image-tag }} # This is already done in Trivy vuln scan step skip-setup: true From 18f04c32f36981e0d2404e76471aa72d16d0d5c9 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 13:42:59 +0200 Subject: [PATCH 03/13] Get rid of all env. vars and consolidate digest use in Quarkus --- .../ci-quarkus-build-publish-image.yml | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) 
diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index cd9dfecb..4a196c39 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml @@ -178,7 +178,7 @@ jobs: MAVEN_USER: ${{ secrets.MAVEN_USER }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} run: | - pack build ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} \ + pack build ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ --path . \ --buildpack docker://paketobuildpacks/quarkus \ --buildpack docker://paketobuildpacks/java-native-image \ @@ -198,7 +198,7 @@ jobs: MAVEN_USER: ${{ secrets.MAVEN_USER }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} run: | - pack build ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} \ + pack build ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ --path . \ --buildpack docker://paketobuildpacks/quarkus \ --buildpack docker://paketobuildpacks/java \ @@ -213,7 +213,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{ env.IMAGE-NAME }}:${{ env.IMAGETAG }} + image-ref: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} library-severity: ${{ inputs.trivy-library-severity }} 
@@ -235,23 +235,25 @@ jobs: ACR_NAME: ${{ inputs.container-registry }} - name: Push image - run: docker push ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} + run: docker push ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} - - run: echo "IMAGE_DIGEST=$(docker inspect --format='{{.RepoDigests}}' ${{env.IMAGE-NAME}}:${{env.IMAGETAG}}|cut -d '@' -f 2|cut -d ']' -f 1)" >> "$GITHUB_ENV" - - - id: output-image-tag - run: echo "imagetag=${{env.IMAGETAG}}" >> "$GITHUB_OUTPUT" - - - id: output-image-digest - run: echo "imagedigest=${{env.IMAGE_DIGEST}}" >> "$GITHUB_OUTPUT" + - name: Set image digest + id: set-image-digest + run: | + image_digest=$(docker inspect \ + --format='{{.RepoDigests}}' ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ + | cut -d '@' -f 2 \ + | cut -d ']' -f 1) + echo "image-digest=$image_digest" >> "$GITHUB_OUTPUT" + echo "- Image digest: $image_digest" >> "$GITHUB_STEP_SUMMARY" - name: Run Trivy SBOM generation uses: felleslosninger/github-workflows/.github/actions/trivy-sbom@main with: scan-type: image - artifact-id: ${{ env.IMAGE-NAME }} - image-ref: "${{ env.IMAGE-NAME }}@${{ env.IMAGE_DIGEST }}" - version: ${{ env.IMAGETAG }} + artifact-id: ${{ steps.image-metadata.outputs.image-name }} + image-ref: "${{ steps.image-metadata.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}" + version: ${{ steps.image-metadata.outputs.image-tag }} # This is already done in Trivy vuln scan step skip-setup: true @@ -259,7 +261,7 @@ jobs: if: ${{ inputs.image-signing == true }} uses: felleslosninger/github-workflows/.github/actions/image-signing@main with: - image: ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} + image: "${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }}" notify-on-errors: runs-on: ubuntu-latest From ea1cd613572d4f308780fe9770cdaa953a2da6f9 Mon Sep 17 00:00:00 2001 
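Review bot: The new `Set image digest` step writes whatever the `cut` pipeline yields to `image-digest` without checking it, and that value feeds the SBOM `image-ref` in the same hunk. `{{.RepoDigests}}` prints a bracketed list, so an image with no repo digest, or with several entries, yields something that is not a single `sha256:` value. A guard before the `echo`, such as `[[ "$image_digest" =~ ^sha256:[0-9a-f]{64}$ ]] || { echo "::error:: Could not resolve image digest"; exit 1; }`, would fail the job instead of passing on a malformed reference. The identical step is added to test-k6-build-publish-docker.yml in patch 10.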
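Review bot: The signing step is still given the mutable tag reference (`image-name:image-tag`) although the digest of the pushed image is available from `set-image-digest` a few steps earlier. Unless the `image-signing` action resolves the tag to a digest itself (its source is not part of this patch), signing by tag leaves room for the tag to point at a different manifest than the one scanned and pushed here. Passing `image: "${{ steps.image-metadata.outputs.image-name }}@${{ steps.set-image-digest.outputs.image-digest }}"` would bind the signature to the same artifact the SBOM step uses. The `Image signing` step in test-k6-build-publish-docker.yml (patch 10) has the same form.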
From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 15:17:00 +0200 Subject: [PATCH 04/13] Fix outputs --- .github/workflows/ci-quarkus-build-publish-image.yml | 12 ++++++------ .../workflows/ci-spring-boot-build-publish-image.yml | 1 + 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index 4a196c39..80412011 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml @@ -95,10 +95,10 @@ on: outputs: image-version: description: "Docker image version" - value: ${{ jobs.build-publish-image.outputs.imagetag }} + value: ${{ jobs.build-publish-image.outputs.image-tag }} image-digest: description: "Docker image SHA256 digest" - value: ${{ jobs.build-publish-image.outputs.imagedigest }} + value: ${{ jobs.build-publish-image.outputs.image-digest }} jobs: inputs-to-summary: @@ -112,14 +112,14 @@ jobs: build-publish-image: runs-on: ubuntu-latest + outputs: + image-tag: ${{ steps.image-metadata.outputs.image-tag }} + image-digest: ${{ steps.set-image-digest.outputs.image-digest }} + env: REPOSITORY-NAME: ${{ github.event.repository.name }} DOCKLE_HOST: "unix:///var/run/docker.sock" - outputs: - imagetag: ${{ steps.output-image-tag.outputs.imagetag }} - imagedigest: ${{ steps.output-image-digest.outputs.imagedigest }} - permissions: id-token: write contents: write diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index d210f2a4..b6693919 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml @@ -123,6 +123,7 @@ jobs: build-publish-image: runs-on: ubuntu-latest + outputs: image-tag: ${{ steps.image-metadata.outputs.image-tag }} image-digest: ${{ steps.set-image-digest.outputs.image-digest }} 
From 47cd7340a10e8d2967d287d70ee259f499bfc84c Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 22:02:56 +0200 Subject: [PATCH 05/13] Refactor image-metadata composite action --- .github/actions/image-metadata/action.yml | 112 +++++++++++++--------- 1 file changed, 67 insertions(+), 45 deletions(-) diff --git a/.github/actions/image-metadata/action.yml b/.github/actions/image-metadata/action.yml index 51927ef6..7f4d14be 100644 --- a/.github/actions/image-metadata/action.yml +++ b/.github/actions/image-metadata/action.yml 
@@ -43,87 +43,109 @@ inputs: outputs: image-name: description: The fully qualified image name - value: ${{ steps.image-metadata.outputs.image-name }} + value: ${{ steps.get-name.outputs.image-name }} image-tag: description: The image tag - value: ${{ steps.image-metadata.outputs.image-tag }} + value: ${{ steps.get-tag.outputs.image-tag }} runs: using: composite steps: - - name: Start image metadata + - name: Start image metadata summary shell: bash - run: | - echo "### Image metadata" >> "$GITHUB_STEP_SUMMARY" + run: echo "### Image metadata" >> "$GITHUB_STEP_SUMMARY" - name: Determine image name + id: get-name shell: bash env: - REPOSITORY_NAME: ${{ env.REPOSITORY_NAME }} + CONTAINER_REGISTRY: ${{ inputs.container-registry }} + REGISTRY_URL: ${{ inputs.registry-url }} + IMAGE_NAME: ${{ inputs.image-name }} + REPOSITORY_NAME: ${{ github.event.repository.name }} + REPOSITORY_OWNER: ${{ github.repository_owner }} run: | - registry="${{ inputs.container-registry }}" - if [ -z "$registry" ]; then - registry="${{ inputs.registry-url }}" - fi + set -euo pipefail + + registry="${CONTAINER_REGISTRY:-$REGISTRY_URL}" if [ -z "$registry" ]; then echo "::error:: Missing container-registry or registry-url input." - echo "> [!WARNING]" - echo "> **Input validation failed:** You must provide either container-registry or registry-url." >> "$GITHUB_STEP_SUMMARY" + { + echo "> [!WARNING]" + echo "> **Input validation failed:** You must provide either container-registry or registry-url." 
+ } >> "$GITHUB_STEP_SUMMARY" exit 1 fi - image_name="${{ inputs.image-name }}" - if [ -z "$image_name" ]; then - if [ -n "$REPOSITORY_NAME" ]; then - image_name="$REPOSITORY_NAME" - else - image_name="${{ github.event.repository.name }}" - fi - fi + image_name="${IMAGE_NAME:-$REPOSITORY_NAME}" if [ "$registry" = "ghcr.io" ]; then - image_name="$registry/${{ github.repository_owner }}/$image_name" + image_name="$registry/$REPOSITORY_OWNER/$image_name" else image_name="$registry/$image_name" fi echo "image-name=$image_name" >> "$GITHUB_OUTPUT" - echo "- Image name: $image_name" >> "$GITHUB_STEP_SUMMARY" + echo "- Image name: \`$image_name\`" >> "$GITHUB_STEP_SUMMARY" - name: Determine image tag + id: get-tag shell: bash + env: + IMAGE_TAG: ${{ inputs.image-tag }} + PACKAGE_VERSION: ${{ inputs.package-version }} + VERSION: ${{ inputs.version }} + VERSION_POM_PATH: ${{ inputs.version-pom-path }} + STRIP_SNAPSHOT: ${{ inputs.strip-snapshot }} + AUTO_GENERATE_TAG: ${{ inputs.auto-generate-tag }} run: | - if [ -n "${{ inputs.image-tag }}" ]; then - image_tag="${{ inputs.image-tag }}" - echo "- Using custom image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - elif [ -n "${{ inputs.package-version }}" ]; then - image_tag="${{ inputs.package-version }}" - echo "- Using package version as image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - elif [ -n "${{ inputs.version }}" ]; then - image_tag="${{ inputs.version }}" - echo "- Using provided version as image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" - elif [ -n "${{ inputs.version-pom-path }}" ]; then - VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout -f "${{ inputs.version-pom-path }}" 2>/dev/null || true) - if [ -n "$VERSION" ] && [ "$VERSION" != "null" ]; then - image_tag="$VERSION" - if [[ "${{ inputs.strip-snapshot }}" == "true" ]] && ([[ "$GITHUB_REF" == "refs/heads/main" ]] || [[ "$GITHUB_REF" =~ ^refs/tags/ ]]); then + set -euo pipefail + + auto_tag="$(TZ=UTC date 
+'%Y-%m-%d-%H%M')-${GITHUB_SHA::8}" + tag_source="" + + if [ -n "$IMAGE_TAG" ]; then + image_tag="$IMAGE_TAG" + tag_source="custom image tag" + + elif [ -n "$PACKAGE_VERSION" ]; then + image_tag="$PACKAGE_VERSION" + tag_source="package version" + + elif [ -n "$VERSION" ]; then + image_tag="$VERSION" + tag_source="provided version" + + elif [ -n "$VERSION_POM_PATH" ]; then + set +e + pom_version=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout -f "$VERSION_POM_PATH" 2>/dev/null) + set -e + + if [ -n "$pom_version" ] && [ "$pom_version" != "null" ]; then + image_tag="$pom_version" + if [[ "$STRIP_SNAPSHOT" == "true" ]] && ([[ "$GITHUB_REF" == "refs/heads/main" ]] || [[ "$GITHUB_REF" == refs/tags/* ]]); then image_tag="${image_tag/-SNAPSHOT/}" fi - echo "- Using Maven version as image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + tag_source="Maven version" else - image_tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8} - echo "- Fallback auto-generated image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + image_tag="$auto_tag" + tag_source="fallback auto-generated tag" fi - elif [[ "${{ inputs.auto-generate-tag }}" == "true" ]]; then - image_tag=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8} - echo "- Auto-generated image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + + elif [[ "$AUTO_GENERATE_TAG" == "true" ]]; then + image_tag="$auto_tag" + tag_source="auto-generated tag" + else echo "::error:: No image tag available. Provide image-tag, package-version, version, or allow auto-generate-tag." - echo "> [!WARNING]" - echo "> **Input validation failed:** No image tag was provided and auto-generate-tag is disabled." >> "$GITHUB_STEP_SUMMARY" + { + echo "> [!WARNING]" + echo "> **Input validation failed:** No image tag was provided and auto-generate-tag is disabled." 
+ } >> "$GITHUB_STEP_SUMMARY" exit 1 fi echo "image-tag=$image_tag" >> "$GITHUB_OUTPUT" - echo "- Image tag: $image_tag" >> "$GITHUB_STEP_SUMMARY" + echo "- Image tag: \`$image_tag\` (Source: $tag_source)" >> + "$GITHUB_STEP_SUMMARY" From 4006afdb1ffd8431961b9edb2a6ee737f88a132a Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 22:29:33 +0200 Subject: [PATCH 06/13] Use output --- .github/workflows/ci-quarkus-build-publish-image.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index 80412011..49e6d7cc 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml @@ -132,11 +132,6 @@ jobs: image-name: ${{ inputs.image-name }} container-registry: ${{ inputs.container-registry }} - - name: Set image env variables - run: | - echo "IMAGETAG=${{ steps.image-metadata.outputs.image-tag }}" >> "$GITHUB_ENV" - echo "IMAGE-NAME=${{ steps.image-metadata.outputs.image-name }}" >> "$GITHUB_ENV" - - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 @@ -155,7 +150,7 @@ jobs: env: MAVEN_USER: ${{ secrets.MAVEN_USER }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} - run: mvn versions:set -B -DnewVersion="$IMAGETAG" + run: mvn versions:set -B -DnewVersion="${{ steps.image-metadata.outputs.image-tag }}" - name: Install pack run: | From ff04cde25e590e9339935dfc0688f117ae522158 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 22:38:25 +0200 Subject: [PATCH 07/13] Write inputs to summary in composite action --- .github/actions/image-metadata/action.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/actions/image-metadata/action.yml b/.github/actions/image-metadata/action.yml index 7f4d14be..6775e9cc 100644 --- a/.github/actions/image-metadata/action.yml 
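Review bot: `image_name` and `image_tag` are written to `$GITHUB_OUTPUT` as received, with no check that they form a valid image reference, and the calling workflows expand these outputs into shell commands. Moving the inputs into `env:` protects this script, but a value containing a newline would still break the `name=value` line format of the output file, and other characters pass through to consumers unchanged. A check before the final `echo`, for example `[[ "$image_tag" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "::error:: Invalid image tag"; exit 1; }` (with a matching one for the name), would reject such values at the source. Separately, the Maven branch still falls back to `auto_tag` when `mvn` fails even if `auto-generate-tag` is `false`, and `2>/dev/null` hides the reason.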
+++ b/.github/actions/image-metadata/action.yml @@ -55,6 +55,11 @@ runs: shell: bash run: echo "### Image metadata" >> "$GITHUB_STEP_SUMMARY" + - name: Write inputs to summary + uses: felleslosninger/github-workflows/.github/actions/json-to-summary@main + with: + json-payload: ${{ toJson(inputs) }} + - name: Determine image name id: get-name shell: bash From a561ab5dd1f235378605923bb6deb6e1311ea6fe Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 22:39:24 +0200 Subject: [PATCH 08/13] Fix typo --- .github/workflows/ci-spring-boot-container-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-spring-boot-container-scan.yml b/.github/workflows/ci-spring-boot-container-scan.yml index 1d005091..4f2d9e45 100644 --- a/.github/workflows/ci-spring-boot-container-scan.yml +++ b/.github/workflows/ci-spring-boot-container-scan.yml @@ -19,7 +19,7 @@ on: type: string registry-url: description: Image/Container Registery URL - default: "my-local-registery" + default: "my-local-registry" required: false type: string java-version: From 563cda1ee0ff75259d15932e609f16b487147553 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 22:39:53 +0200 Subject: [PATCH 09/13] Migrate to composite action --- .../workflows/ci-quarkus-container-scan.yml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-quarkus-container-scan.yml b/.github/workflows/ci-quarkus-container-scan.yml index a70ecb5f..527c7cd5 100644 --- a/.github/workflows/ci-quarkus-container-scan.yml +++ b/.github/workflows/ci-quarkus-container-scan.yml @@ -19,7 +19,7 @@ on: type: string registry-url: description: Image/Container Registery URL - default: "my-local-registery" + default: "my-local-registry" required: false type: string java-version: 
@@ -89,12 +89,12 @@ jobs: DOCKLE_HOST: "unix:///var/run/docker.sock" #TRIVY_TIMEOUT: "15m" steps: - - name: Set imagetag as env variable - run: echo "IMAGETAG=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8}" >> "$GITHUB_ENV" - - - name: Set IMAGE-NAME env variable - run: | - echo "IMAGE-NAME=${{ inputs.registry-url }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + registry-url: ${{ inputs.registry-url }} - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 @@ -130,7 +130,7 @@ jobs: MAVEN_USER: ${{ secrets.MAVEN_USER }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} run: | - pack build ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} \ + pack build ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ --path . \ --buildpack docker://paketobuildpacks/quarkus \ --buildpack docker://paketobuildpacks/java-native-image \ @@ -150,7 +150,7 @@ jobs: MAVEN_USER: ${{ secrets.MAVEN_USER }} MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} run: | - pack build ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} \ + pack build ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ --path . \ --buildpack docker://paketobuildpacks/quarkus \ --buildpack docker://paketobuildpacks/java \ @@ -165,7 +165,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} + image-ref: "${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }}" application-path: ${{ inputs.application-path }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} 
From 82d7298dd843997283e8f9fecb9a57dcf29c419a Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 23:12:59 +0200 Subject: [PATCH 10/13] Migrate k6 workflows --- .github/workflows/test-k6-build-docker.yml | 16 +++--- .../test-k6-build-publish-docker.yml | 49 ++++++++++--------- 2 files changed, 33 insertions(+), 32 deletions(-) diff --git a/.github/workflows/test-k6-build-docker.yml b/.github/workflows/test-k6-build-docker.yml index aeb99bbd..65d6fe65 100644 --- a/.github/workflows/test-k6-build-docker.yml +++ b/.github/workflows/test-k6-build-docker.yml @@ -70,12 +70,12 @@ jobs: REGISTRY_URL: my-local-registry DOCKLE_HOST: "unix:///var/run/docker.sock" steps: - - name: Set imagetag as env variable - run: echo "IMAGETAG=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8}" >> "$GITHUB_ENV" - - - name: Set IMAGE-NAME env variable - run: | - echo "IMAGE-NAME=${{ env.REGISTRY_URL }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + registry-url: ${{ env.REGISTRY_URL }} - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 
@@ -86,12 +86,12 @@ jobs: cp -R ${{ inputs.k6-libs-folder }}/* docker/${{ inputs.k6-libs-folder }}/ - name: Build the tagged Docker image - run: docker build --tag ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} docker/ + run: docker build --tag ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} docker/ - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{env.IMAGE-NAME}}:${{env.IMAGETAG}} + image-ref: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} application-path: ${{ inputs.application-path }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} diff --git a/.github/workflows/test-k6-build-publish-docker.yml b/.github/workflows/test-k6-build-publish-docker.yml index 545c33df..75cb15e1 100644 --- a/.github/workflows/test-k6-build-publish-docker.yml +++ b/.github/workflows/test-k6-build-publish-docker.yml @@ -70,10 +70,10 @@ on: outputs: image-version: description: "Docker image version" - value: ${{ jobs.build-publish-image.outputs.imagetag }} + value: ${{ jobs.build-publish-image.outputs.image-tag }} image-digest: description: "Docker image SHA256 digest" - value: ${{ jobs.build-publish-image.outputs.imagedigest }} + value: ${{ jobs.build-publish-image.outputs.image-digest }} jobs: build-publish-image: 
@@ -82,29 +82,29 @@ jobs: REPOSITORY-NAME: ${{ github.event.repository.name }} DOCKLE_HOST: "unix:///var/run/docker.sock" outputs: - imagetag: ${{ steps.output-image-tag.outputs.imagetag }} - imagedigest: ${{ steps.output-image-digest.outputs.imagedigest }} + image-tag: ${{ steps.image-metadata.outputs.image-tag }} + image-digest: ${{ steps.set-image-digest.outputs.image-digest }} permissions: id-token: write contents: write steps: - - name: Set imagetag as env variable - run: echo "IMAGETAG=$(date +'%Y-%m-%d-%H%M')-${GITHUB_SHA::8}" >> "$GITHUB_ENV" - - - name: Set IMAGE_NAME env variable - run: | - echo "IMAGE_NAME=${{ secrets.REGISTRY_URL }}/${{ inputs.image-name || env.REPOSITORY-NAME }}" >> "$GITHUB_ENV" + - name: Set image metadata + id: image-metadata + uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + with: + image-name: ${{ inputs.image-name }} + registry-url: ${{ secrets.REGISTRY_URL }} - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # pin@v5.0.0 - - name: Find and replace image version for ${{ env.IMAGETAG }} in version endpoint + - name: Find and replace image version for ${{ steps.image-metadata.outputs.image-tag }} in version endpoint uses: jacobtomlinson/gha-find-replace@f1069b438f125e5395d84d1c6fd3b559a7880cb5 # pin@v3.0.5 id: update-version with: find: "DEV-SNAPSHOT" - replace: "${{ env.IMAGETAG }}" + replace: "${{ steps.image-metadata.outputs.image-tag }}" include: "docker/version" regex: false 
@@ -115,12 +115,12 @@ jobs: cp -R ${{ inputs.k6-libs-folder }}/* docker/${{ inputs.k6-libs-folder }}/ - name: Build the tagged Docker image - run: docker build --tag ${{env.IMAGE_NAME}}:${{env.IMAGETAG}} docker/ + run: docker build --tag ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} docker/ - name: Run Trivy vulnerability scanner uses: felleslosninger/github-workflows/.github/actions/trivy-scan@main with: - image-ref: ${{env.IMAGE_NAME}}:${{env.IMAGETAG}} + image-ref: "${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }}" application-path: ${{ inputs.application-path }} library-disable-scan: ${{ inputs.trivy-library-disable-scan }} library-ignore-unfixed: ${{ inputs.trivy-library-ignore-unfixed }} 
@@ -145,22 +145,23 @@ jobs: - name: "Build the tagged Docker image" run: | - docker push ${{env.IMAGE_NAME}}:${{env.IMAGETAG}} - docker image tag ${{env.IMAGE_NAME}}:${{env.IMAGETAG}} ${{env.IMAGE_NAME}}:latest && docker push ${{env.IMAGE_NAME}}:latest + docker push ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} + docker image tag ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} ${{ steps.image-metadata.outputs.image-name }}:latest && docker push ${{ steps.image-metadata.outputs.image-name }}:latest - - name: "Set image digest" + - name: Set image digest + id: set-image-digest run: | - echo "IMAGE_DIGEST=$(docker inspect --format='{{.RepoDigests}}' ${{env.IMAGE_NAME}}:${{env.IMAGETAG}}|cut -d '@' -f 2|cut -d ']' -f 1)" >> "$GITHUB_ENV" - - - id: output-image-tag - run: echo "imagetag=${{env.IMAGETAG}}" >> "$GITHUB_OUTPUT" + image_digest=$(docker inspect \ + --format='{{.RepoDigests}}' ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} \ + | cut -d '@' -f 2 \ + | cut -d ']' -f 1) + echo "image-digest=$image_digest" >> "$GITHUB_OUTPUT" + echo "- Image digest: $image_digest" >> "$GITHUB_STEP_SUMMARY" - - id: output-image-digest - run: echo "imagedigest=${{env.IMAGE_DIGEST}}" >> "$GITHUB_OUTPUT" - name: Image signing uses: felleslosninger/github-workflows/.github/actions/image-signing@main with: - image: ${{env.IMAGE_NAME}}:${{env.IMAGETAG}} + image: ${{ steps.image-metadata.outputs.image-name }}:${{ steps.image-metadata.outputs.image-tag }} notify-on-errors: runs-on: ubuntu-latest From c644c16adb7310c1df9654ade587c916936beb04 Mon Sep 17 00:00:00 2001 
From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 23:16:15 +0200 Subject: [PATCH 11/13] Use branch for testing --- .github/workflows/ci-build-publish-image.yml | 6 +++--- .github/workflows/ci-docker-build-publish-image.yml | 2 +- .../workflows/ci-docker-build-publish-integrasjonspunkt.yml | 2 +- .../workflows/ci-docker-build-scan-integrasjonspunkt.yml | 2 +- .github/workflows/ci-pr-checks.yml | 4 ++-- .github/workflows/ci-quarkus-build-publish-image.yml | 2 +- .github/workflows/ci-quarkus-container-scan.yml | 2 +- .github/workflows/ci-spring-boot-build-publish-image.yml | 2 +- .github/workflows/ci-spring-boot-container-scan.yml | 2 +- .github/workflows/test-k6-build-docker.yml | 2 +- .github/workflows/test-k6-build-publish-docker.yml | 2 +- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci-build-publish-image.yml b/.github/workflows/ci-build-publish-image.yml index ebf8b74e..a8c25962 100644 --- a/.github/workflows/ci-build-publish-image.yml +++ b/.github/workflows/ci-build-publish-image.yml @@ -163,7 +163,7 @@ jobs: run-spring-boot-build: needs: input-checks if: inputs.application-type == 'spring-boot' - uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-build-publish-image.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-build-publish-image.yml@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} image-pack: ${{ inputs.image-pack }} @@ -191,7 +191,7 @@ jobs: run-quarkus-build: needs: input-checks if: inputs.application-type == 'quarkus' - uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-build-publish-image.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-build-publish-image.yml@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} image-pack: ${{ inputs.image-pack }} 
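Review bot: Every `uses:` changed in this patch now points at the feature branch `PF-2305-image-metadata-composite-action`, which needs to be reverted before the series is merged. A branch ref is mutable, and if the branch is deleted after merge each of these reusable-workflow and action references stops resolving for all callers. The third-party actions in these files are pinned to a commit SHA with a `# pin@` comment; for the internal references at least restore `@main`, e.g. `uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-build-publish-image.yml@main`. This applies to all eleven files touched by patch 11.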
@@ -216,7 +216,7 @@ jobs: run-docker-build: needs: input-checks if: inputs.application-type == 'docker' - uses: felleslosninger/github-workflows/.github/workflows/ci-docker-build-publish-image.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-docker-build-publish-image.yml@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} image-signing: ${{ inputs.image-signing }} diff --git a/.github/workflows/ci-docker-build-publish-image.yml b/.github/workflows/ci-docker-build-publish-image.yml index 5351f311..59b8739e 100644 --- a/.github/workflows/ci-docker-build-publish-image.yml +++ b/.github/workflows/ci-docker-build-publish-image.yml @@ -102,7 +102,7 @@ jobs: steps: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} container-registry: ${{ inputs.container-registry }} diff --git a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml index 273f6d36..4b18ca52 100644 --- a/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml +++ b/.github/workflows/ci-docker-build-publish-integrasjonspunkt.yml @@ -135,7 +135,7 @@ jobs: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} registry-url: ${{ inputs.registry-url }} diff --git a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml index ebbdb9e1..eb6dfb13 100644 --- a/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml 
+++ b/.github/workflows/ci-docker-build-scan-integrasjonspunkt.yml @@ -119,7 +119,7 @@ jobs: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} registry-url: ${{ inputs.registry-url }} diff --git a/.github/workflows/ci-pr-checks.yml b/.github/workflows/ci-pr-checks.yml index 9ff16c1a..dca04a3d 100644 --- a/.github/workflows/ci-pr-checks.yml +++ b/.github/workflows/ci-pr-checks.yml @@ -201,7 +201,7 @@ jobs: if: | inputs.enable-trivy-image-scan == true && inputs.application-type == 'spring-boot' - uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-container-scan.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-spring-boot-container-scan.yml@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} image-pack: ${{ inputs.image-pack }} @@ -222,7 +222,7 @@ jobs: if: | inputs.enable-trivy-image-scan == true && inputs.application-type == 'quarkus' - uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-container-scan.yml@main + uses: felleslosninger/github-workflows/.github/workflows/ci-quarkus-container-scan.yml@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} image-pack: ${{ inputs.image-pack }} diff --git a/.github/workflows/ci-quarkus-build-publish-image.yml b/.github/workflows/ci-quarkus-build-publish-image.yml index 49e6d7cc..8461efa5 100644 --- a/.github/workflows/ci-quarkus-build-publish-image.yml +++ b/.github/workflows/ci-quarkus-build-publish-image.yml 
@@ -127,7 +127,7 @@ jobs: steps: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} container-registry: ${{ inputs.container-registry }} diff --git a/.github/workflows/ci-quarkus-container-scan.yml b/.github/workflows/ci-quarkus-container-scan.yml index 527c7cd5..27c64878 100644 --- a/.github/workflows/ci-quarkus-container-scan.yml +++ b/.github/workflows/ci-quarkus-container-scan.yml @@ -91,7 +91,7 @@ jobs: steps: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} registry-url: ${{ inputs.registry-url }} diff --git a/.github/workflows/ci-spring-boot-build-publish-image.yml b/.github/workflows/ci-spring-boot-build-publish-image.yml index b6693919..00ce8a75 100644 --- a/.github/workflows/ci-spring-boot-build-publish-image.yml +++ b/.github/workflows/ci-spring-boot-build-publish-image.yml @@ -136,7 +136,7 @@ jobs: steps: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} container-registry: ${{ inputs.container-registry }} diff --git a/.github/workflows/ci-spring-boot-container-scan.yml b/.github/workflows/ci-spring-boot-container-scan.yml index 4f2d9e45..b553b172 100644 --- a/.github/workflows/ci-spring-boot-container-scan.yml +++ b/.github/workflows/ci-spring-boot-container-scan.yml 
@@ -94,7 +94,7 @@ jobs: steps: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} registry-url: ${{ inputs.registry-url }} diff --git a/.github/workflows/test-k6-build-docker.yml b/.github/workflows/test-k6-build-docker.yml index 65d6fe65..d72beb98 100644 --- a/.github/workflows/test-k6-build-docker.yml +++ b/.github/workflows/test-k6-build-docker.yml @@ -72,7 +72,7 @@ jobs: steps: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} registry-url: ${{ env.REGISTRY_URL }} diff --git a/.github/workflows/test-k6-build-publish-docker.yml b/.github/workflows/test-k6-build-publish-docker.yml index 75cb15e1..52a627c2 100644 --- a/.github/workflows/test-k6-build-publish-docker.yml +++ b/.github/workflows/test-k6-build-publish-docker.yml @@ -92,7 +92,7 @@ jobs: steps: - name: Set image metadata id: image-metadata - uses: felleslosninger/github-workflows/.github/actions/image-metadata@main + uses: felleslosninger/github-workflows/.github/actions/image-metadata@PF-2305-image-metadata-composite-action with: image-name: ${{ inputs.image-name }} registry-url: ${{ secrets.REGISTRY_URL }} From c7eac808e7884674b555dde3f39264633d603cf7 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 23:27:53 +0200 Subject: [PATCH 12/13] Fix newline typo --- .github/actions/image-metadata/action.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/actions/image-metadata/action.yml b/.github/actions/image-metadata/action.yml index 6775e9cc..b0102b06 100644 --- a/.github/actions/image-metadata/action.yml 
+++ b/.github/actions/image-metadata/action.yml @@ -152,5 +152,4 @@ runs: fi echo "image-tag=$image_tag" >> "$GITHUB_OUTPUT" - echo "- Image tag: \`$image_tag\` (Source: $tag_source)" >> - "$GITHUB_STEP_SUMMARY" + echo "- Image tag: \`$image_tag\` (Source: $tag_source)" >> "$GITHUB_STEP_SUMMARY" From 1850f7ab4028cdbc3b60143d41c8b470d3ef8799 Mon Sep 17 00:00:00 2001 From: Jonas Arneberg Saltvik Date: Mon, 27 Apr 2026 23:38:49 +0200 Subject: [PATCH 13/13] Clean up README a bit more --- .github/actions/image-metadata/README.md | 27 ++++++++++++++---------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/.github/actions/image-metadata/README.md b/.github/actions/image-metadata/README.md index eb1c46f8..d1f9c98a 100644 --- a/.github/actions/image-metadata/README.md +++ b/.github/actions/image-metadata/README.md @@ -4,17 +4,18 @@ Author: **Digdir Platform Team** ## Description -This composite action generates Docker image metadata for workflows that need a consistent image name and tag. +This composite action generates Docker image metadata for workflows that need a +consistent image name and tag. -It supports: +It supports -- custom image tags via `image-tag` -- package-version-based tags via `package-version` -- explicit version strings via `version` -- snapshot stripping when building from `main` or tag refs -- auto-generated tags when no explicit tag is provided -- container registry selection via `container-registry` or `registry-url` -- automatic image-name fallback to the current repository name +- Custom image tags via `image-tag` +- Package-version tags via `package-version` +- Explicit version strings via `version` +- Snapshot stripping when building from `main` or tag refs +- Auto-generated tags when no explicit tag is provided +- Container registry selection via `container-registry` or `registry-url` +- Automatic `image-name` fallback to the current repository name ## Inputs 
@@ -25,7 +26,9 @@ It supports: | `registry-url` | Alternate registry URL if `container-registry` is not provided. | false | `""` | | `image-tag` | Custom image tag. Overrides auto-generation. | false | `""` | | `package-version` | Use package version as image tag when provided. | false | `""` | -| `version` | Use explicit version string as image tag when provided. | false | `""` || `version-pom-path` | Evaluate Maven `pom.xml` to derive the version when no explicit tag is provided. | false | `` || `strip-snapshot` | Strip `-SNAPSHOT` from version when building from `main` or tag refs. | false | `false` | +| `version` | Use explicit version string as image tag when provided. | false | `""` | +| `version-pom-path` | Evaluate Maven `pom.xml` to derive the version when no explicit tag is provided. | false | `` | +| `strip-snapshot` | Strip `-SNAPSHOT` from version when building from `main` or tag refs. | false | `false` | | `auto-generate-tag` | Generate a tag from the date and SHA when no explicit tag is provided. | false | `true` | ## Outputs @@ -49,4 +52,6 @@ steps: ## How it works -The action validates registry and image-name inputs, chooses the best available tag source, and writes both values to outputs for later build, scan, and publishing steps. +The action validates registry and image-name inputs, chooses the best available +tag source, and writes both values to outputs for later build, scan, and +publishing steps.