change action

.github/workflows/busybox-ghcr.yml

@@ -3,26 +3,54 @@ on:
 #    paths: 
 #    - 'Dockerfile.busybox'
 name: Build & Sign & Push Dockerfile.busybox
+
+env:
+  IMAGE_NAME: busybox
+  DOCKER_FILE: Dockerfile.busybox
+
 jobs:
   build:
-    name: Docker Build & Sign & Push
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v2
-      - name: Build & Sign 
-        uses: philips-software/[email protected]
-        with:
-          dockerfile: Dockerfile.busybox
-          image-name: busybox
-          tags: latest 0.1
-          push-branches: master dev
-          sign: true
-        env:
-          REGISTRY_USERNAME: ${{ github.actor }}
-          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          REGISTRY_URL: ghcr.io/gnuu-de
-          GITHUB_ORGANIZATION: gnuu-de
-          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-          #COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-          COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+    - name: Checkout Repo
+      uses: actions/checkout@v2
+    - name: Install Cosign
+      uses: sigstore/cosign-installer@main
+      with:
+        cosign-release: 'v1.13.1'
+    - name: Log in to ghcr registry
+      run: |
+        echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+    - name: Build the image with docker
+      run: docker build . --file $DOCKER_FILE --tag $IMAGE_NAME --label "runnumber=${GITHUB_RUN_ID}"
+    - name: Push & Sign image
+      run: |
+        IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
+        # Change all uppercase to lowercase
+        IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+        # Strip git ref prefix from version
+        VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+        # Strip "v" prefix from tag name
+        [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+        # Use Docker `latest` tag convention
+        [ "$VERSION" == "master" ] && VERSION=latest
+        echo IMAGE_ID=$IMAGE_ID
+        echo VERSION=$VERSION
+        echo "{{ github.ref.type }}"
+        docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
+        docker push $IMAGE_ID:$VERSION
+        cosign sign --key env://COSIGN_KEY $IMAGE_ID:$VERSION
+      env:
+        COSIGN_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+
+    - name: Push & Sign image release
+      if: github.ref.type == 'tag'
+      run: |
+        IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
+        IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+        VERSION=${GITHUB_REF_NAME}
+        docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
+        docker push $IMAGE_ID:$VERSION
+        cosign sign --key env://COSIGN_KEY $IMAGE_ID:$VERSION
+      env:
+        COSIGN_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}