add image-digest and image-names output #126

Open
crazy-max wants to merge 4 commits into main from image-digest
@crazy-max crazy-max commented Mar 6, 2026

fixes #110

To return pushed digest and image names on manifest creation.

One typical use case is, for example, running a container scan to check for CVEs in a post job like:

```yaml
name: ci

permissions:
  contents: read

on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:

jobs:
  build:
    uses: docker/github-builder/.github/workflows/build.yml@v1
    permissions:
      contents: read # to fetch the repository content
      id-token: write # for signing attestation(s) with GitHub OIDC Token
    with:
      output: image
      push: ${{ github.event_name != 'pull_request' }}
      meta-images: name/app
    secrets:
      registry-auths: |
        - registry: docker.io
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

  scan:
    runs-on: ubuntu-24.04
    if: ${{ github.event_name != 'pull_request' }}
    needs:
      - build
    steps:
      -
        name: Login to registry
        uses: docker/login-action@v4
        with:
          registry: docker.io
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Scan for vulnerabilities
        uses: crazy-max/ghaction-container-scan@v4
        with:
          image: ${{ fromJSON(needs.build.outputs.image-names)[0] }}@${{ needs.build.outputs.image-digest }}
```

cc @mathieu-benoit
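
An added example, not part of this PR or of docker/github-builder: one way a downstream job could check the two outputs before handing a reference to a scanner, so that an empty or malformed digest fails the job early. It assumes `image-names` is a JSON array of strings and `image-digest` is a single `sha256:` digest that is empty when nothing was pushed; `pinnedRefs` is a hypothetical helper.

```javascript
// Added example, not code from docker/github-builder.
// Assumptions: `image-names` is a JSON array of strings and `image-digest`
// is one "sha256:<64 hex>" string, empty when nothing was pushed.

const DIGEST_RE = /^sha256:[a-f0-9]{64}$/;
// Loose repository[:tag] check: lowercase, no whitespace, no existing "@digest".
const NAME_RE = /^[a-z0-9][a-z0-9._\/:-]*$/;

// Returns one digest-pinned reference per image name, or throws.
function pinnedRefs(imageNamesJson, imageDigest) {
  if (!imageDigest) {
    throw new Error('image-digest is empty: nothing to pin the scan to');
  }
  if (!DIGEST_RE.test(imageDigest)) {
    throw new Error(`image-digest is not a sha256 digest: ${JSON.stringify(imageDigest)}`);
  }
  let names;
  try {
    names = JSON.parse(imageNamesJson);
  } catch (e) {
    throw new Error('image-names is not valid JSON');
  }
  if (!Array.isArray(names) || names.length === 0) {
    throw new Error('image-names must be a non-empty JSON array');
  }
  return names.map((name) => {
    if (typeof name !== 'string' || !NAME_RE.test(name)) {
      throw new Error(`unexpected image name: ${JSON.stringify(name)}`);
    }
    // name[:tag]@digest resolves by digest, so a later tag move cannot
    // change which image the scan job pulls.
    return `${name}@${imageDigest}`;
  });
}

// Constructed sample values (not taken from a real build).
const sampleNames = '["name/app", "ghcr.io/name/app"]';
const sampleDigest = 'sha256:' + 'ab'.repeat(32);
console.log(pinnedRefs(sampleNames, sampleDigest).join('\n'));
```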

@crazy-max crazy-max force-pushed the image-digest branch 4 times, most recently from 00a12c4 to c809e63 Compare March 6, 2026 17:17
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
@crazy-max crazy-max requested a review from tonistiigi March 10, 2026 09:12
@crazy-max crazy-max marked this pull request as ready for review March 10, 2026 09:12
@crazy-max crazy-max requested a review from a team as a code owner March 10, 2026 09:12
@crazy-max crazy-max changed the title add image-digest output to return pushed digest on manifest creation add image-digest and image-names output Mar 10, 2026
Development

Successfully merging this pull request may close these issues.

Docker Scout integration?
