Skip to content

[DNM] Test publishing via GAR#1467

Draft
martincostello wants to merge 22 commits into
mainfrom
test-image-mirroring-to-dockerhub
Draft

[DNM] Test publishing via GAR#1467
martincostello wants to merge 22 commits into
mainfrom
test-image-mirroring-to-dockerhub

Conversation

@martincostello

@martincostello martincostello commented Jun 12, 2026

Copy link
Copy Markdown
Member

Changes to test publishing to DockerHub via GAR.

@martincostello
[DNM] Test publishing via GAR
aedaf50 
Changes to test publishing to DockerHub via GAR.
github-advanced-security[bot]
github-advanced-security AI found potential problems Jun 12, 2026
View reviewed changes
Comment thread .github/workflows/ghcr-image-build-and-publish.yml Fixed
@martincostello
Pin image by SHA
fb40ad4 
Copy-pasta from README.
@martincostello
Fix typo
55ea566 
Fix typo to fix CI.
@martincostello
Verify attestation and signature
a26d1eb 
Add steps to verify the attestation and signature during publishing.
@martincostello
Refactor
f8b9e27 
Make the image name include the owner.
@martincostello
Add GH_TOKEN
38f55a5 
Add missing token for using `gh`.
@martincostello
Swap order of steps
d7bba40 
Cannot verify the image if it isn't there...
@martincostello
Fix env vars
97bb42c 
Remove `oci://` prefixes.
@martincostello
Enable publishing to dev mirror
ab9d370 
Enable to test workflow.
@martincostello
Fix gar-repository
32c1959 
Fix incorrect `gar-repository` value.
@martincostello
Attest after mirroring
b3de31d 
Otherwise the image isn't there to fetch to attest.
@martincostello
Refactor into multiple jobs
6ec00c9 
- Add job to wait for mirroring.
- Move attestation and signing to after the mirror completes.
@martincostello
Fix permissions
4c9688c 
Fix permissions after splitting jobs.
@martincostello
Update attestation and signing
78bfdac 
Need to push the artifacts to GAR but as docker.io.
@martincostello
Override gar-image
ff92168 
Change gar-image to match the name we use in Docker Hub.
@martincostello
Change attestation subject
cb1ac6c 
Change the subject to (hopefully) match GAR.
@martincostello
Tweak the parameters
7753002 
Remove the image name from `gar-repository`.
@martincostello
Fix subject name
bb5ea7a 
Use the first tag.
@martincostello
Refactor for attestation
be8510c 
- Add explicit `gar-registry`.
- Add env values to reduce copy-pasta.
- Authenticate with GAR to allow attestation and signing.
@martincostello
Fix gar-repository
3dae859 
Use the repo's name not it's full name for `gar-repository`.
@martincostello
Update workload_identity_provider
314476a 
Try `dev` instead of `global`.
@martincostello
Revert previous change
1e65ad2 
Definitely doesn't work.
@martincostello martincostello mentioned this pull request Jun 16, 2026
Merged
martincostello added a commit that referenced this pull request Jun 16, 2026
@martincostello
Publish refactoring (#1482)
9dc3c51 
Changes cherry-picked from #1455 and #1467:

- Use output instead of env for `SOURCE_DATE_EPOCH,
- Verify attestations and signatures.
- Associate ghcr publishing with an environment.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@martincostello @github-advanced-security