digest output to return digest of image pushed or artifact uploaded #126

Open
crazy-max wants to merge 2 commits into main from image-digest

crazy-max commented Mar 6, 2026

fixes #110

To return the digest of the image pushed or the artifact uploaded.

One typical use case is, for example, running a container scan to check for CVEs in a post job like:

```yaml
name: ci

permissions:
  contents: read

on:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:

jobs:
  build:
    uses: docker/github-builder/.github/workflows/build.yml@v1
    permissions:
      contents: read # to fetch the repository content
      id-token: write # for signing attestation(s) with GitHub OIDC Token
    with:
      output: image
      push: ${{ github.event_name != 'pull_request' }}
      meta-images: name/app
    secrets:
      registry-auths: |
        - registry: docker.io
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

  scan:
    runs-on: ubuntu-24.04
    if: ${{ github.event_name != 'pull_request' }}
    needs:
      - build
    steps:
      -
        name: Login to registry
        uses: docker/login-action@v4
        with:
          registry: docker.io
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Scan for vulnerabilities
        uses: crazy-max/ghaction-container-scan@v4
        with:
          image: name/app@${{ needs.build.outputs.digest }}
```

cc @mathieu-benoit
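
Added example, not part of this pull request or of the project's code: a shell helper a downstream job could call before scanning, so that an empty or malformed `digest` value fails the job instead of producing a reference like `name/app@`. The function name `pinned_ref` is hypothetical, and it assumes the output has the `sha256:<64 hex>` form implied by the `name/app@${{ needs.build.outputs.digest }}` usage above.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the project's code).
# Build an immutable "<name>@<digest>" reference and fail closed on bad input.
# Assumption: the digest value looks like "sha256:<64 lowercase hex chars>".
pinned_ref() {
  name=$1
  digest=$2

  # An empty digest would otherwise yield a dangling reference such as "name/app@".
  [ -n "$digest" ] || { echo "error: empty digest" >&2; return 1; }

  # Require the sha256: prefix, then check the length and alphabet of the hex part.
  hex=${digest#sha256:}
  [ "$hex" != "$digest" ] || { echo "error: digest is not sha256" >&2; return 1; }
  [ "${#hex}" -eq 64 ] || { echo "error: digest has wrong length" >&2; return 1; }
  case $hex in
    *[!0-9a-f]*) echo "error: digest is not lowercase hex" >&2; return 1 ;;
  esac

  # Refuse a name that already carries a digest.
  case $name in
    *@*) echo "error: name already contains a digest" >&2; return 1 ;;
  esac

  # Drop a mutable tag if one is present. Only a colon in the last path
  # component is a tag; "registry:5000/app" keeps its port.
  last=${name##*/}
  case $last in
    *:*) name=${name%:*} ;;
  esac

  printf '%s@%s\n' "$name" "$digest"
}

# Usage in a workflow step (DIGEST set from needs.build.outputs.digest):
#   ref=$(pinned_ref name/app "$DIGEST") || exit 1
```
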

crazy-max force-pushed the image-digest branch 5 times, most recently from c809e63 to 30b80cd (March 10, 2026 09:05)
crazy-max requested a review from tonistiigi (March 10, 2026 09:12)
crazy-max marked this pull request as ready for review (March 10, 2026 09:12)
crazy-max requested a review from a team as a code owner (March 10, 2026 09:12)
crazy-max changed the title from "add image-digest output to return pushed digest on manifest creation" to "add image-digest and image-names output" (Mar 10, 2026)
crazy-max force-pushed the image-digest branch 2 times, most recently from a5be055 to c23bd7c (March 10, 2026 10:11)
crazy-max force-pushed the image-digest branch 3 times, most recently from 85729f1 to 00f4b3a (March 12, 2026 16:29)
crazy-max changed the title from "add image-digest and image-names output" to "digest output to return digest of image pushed or artifact uploaded" (Mar 12, 2026)
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Docker Scout integration?