Add container_digest as output variable.
Closed this issue · 2 comments
JeroenKnoops commented
Proposal
In order to sign images, we need the container digest.
See sample code: https://github.com/philips-labs/slsa-provenance-action/blob/main/.github/workflows/ci.yaml#L113
Copy of sample code:
export CONTAINER_DIGEST=$(make container-digest GITHUB_REF=${{ github.ref_name }})
echo "::set-output name=container_digest::$CONTAINER_DIGEST"
echo "::set-output name=container_tags::$(make container-tags CONTAINER_DIGEST="${CONTAINER_DIGEST}" | paste -s -d ',' -)"
echo "::set-output name=container_repos::$(make container-repos CONTAINER_DIGEST="${CONTAINER_DIGEST}" | jq --raw-input . | jq --slurp -c)"
Suggested changes
Add outputs:
container_digest
container_tags
container_repos
Related issue
Part of the first approach in #78.
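A sketch of how a signing step could consume the proposed container_digest and container_tags outputs, turning every tag into a digest-pinned reference so the signature covers the exact image that was pushed rather than a tag that can move later. This is an added example, not part of the original issue or the action's code. It assumes container_tags holds comma-separated full image references; the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: container_tags is a comma-separated list of
# full image references (registry/repo:tag). All sample values are constructed.
LC_ALL=C; export LC_ALL   # keep [0-9a-f] from matching uppercase in some locales

# Succeed only for a well-formed digest: sha256:<64 lowercase hex chars>.
valid_digest() {
  case "$1" in
    sha256:*) hex=${1#sha256:} ;;
    *) return 1 ;;
  esac
  [ "${#hex}" -eq 64 ] || return 1
  case "$hex" in
    *[!0-9a-f]*) return 1 ;;
  esac
  return 0
}

# Drop the tag (and any existing @digest) from one reference. A ':' counts as
# a tag separator only after the last '/', so registry ports survive.
strip_tag() {
  ref=${1%%@*}
  case "${ref##*/}" in
    *:*) printf '%s\n' "${ref%:*}" ;;
    *)   printf '%s\n' "$ref" ;;
  esac
}

# Print one repo@digest line per distinct repository named in the tag list.
sign_refs() {
  digest=$1
  valid_digest "$digest" || { echo "invalid digest: $digest" >&2; return 1; }
  printf '%s\n' "$2" | tr ',' '\n' | while IFS= read -r t; do
    [ -n "$t" ] || continue
    printf '%s@%s\n' "$(strip_tag "$t")" "$digest"
  done | sort -u
}

# Constructed sample input standing in for the two action outputs.
SAMPLE_DIGEST="sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
SAMPLE_TAGS="ghcr.io/example/app:v1,ghcr.io/example/app:latest,localhost:5000/example/app:v1"
sign_refs "$SAMPLE_DIGEST" "$SAMPLE_TAGS"
```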
JeroenKnoops commented
We don't need the container_repo.
JeroenKnoops commented
We also need an output flag which indicates whether the action has pushed an image to a docker registry.
Depending on that flag, the provenance / signing action can be triggered.
I will create a new issue for this.