feat(release-container): Add inputs to build images from a subpath (#99)

radiorabe · Nov 19, 2024 · 4c74c05 · 4c74c05
1 parent 27dd2f1
commit 4c74c05
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 6 deletions.
diff --git a/.github/workflows/release-container.yaml b/.github/workflows/release-container.yaml
@@ -39,6 +39,16 @@ on:
         required: false
         default: false
         type: boolean
+      dockerfile-path:
+        description: 'Path to the Dockerfile used in the build'
+        required: false
+        default: 'Dockerfile'
+        type: string
+      context:
+        description: 'Context directory for build'
+        required: false
+        default: '.'
+        type: string
 
 jobs:
   docker:
@@ -101,16 +111,16 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Verify Dockerfile using cosign
-        run: cosign dockerfile verify --certificate-oidc-issuer ${{ inputs.cosign-certificate-oidc-issuer }} --certificate-identity-regexp ${{ inputs.cosign-certificate-identity-regexp }} ${{ inputs.cosign-base-image-only && '--base-image-only' || '' }} Dockerfile > /dev/null
+      - name: Verify ${{ inputs.dockerfile }} using cosign
+        run: cosign dockerfile verify --certificate-oidc-issuer ${{ inputs.cosign-certificate-oidc-issuer }} --certificate-identity-regexp ${{ inputs.cosign-certificate-identity-regexp }} ${{ inputs.cosign-base-image-only && '--base-image-only' || '' }} ${{ inputs.dockerfile }} > /dev/null
         if: inputs.cosign-verify
 
       - name: Build Container Image
         id: docker_build
         uses: docker/build-push-action@v6
         with:
-          context: .
-          file: ./Dockerfile
+          context: ${{ inputs.context }}
+          file: ${{ inputs.dockerfile }}
           platforms: linux/amd64
           load: true
           push: false
@@ -165,8 +175,8 @@ jobs:
         id: docker_push
         uses: docker/build-push-action@v6
         with:
-          context: .
-          file: ./Dockerfile
+          context: ${{ inputs.context }}
+          file: ${{ inputs.dockerfile }}
           platforms: linux/amd64
           push: ${{ github.event_name != 'pull_request' && startsWith(github.event.ref, 'refs/tags/v') }}
           tags: ${{ steps.meta.outputs.tags }}

diff --git a/README.md b/README.md
@@ -98,6 +98,8 @@ jobs:
       cosign-certificate-oidc-issuer: [issues] # (6)
       cosign-certificate-identity-regexp: [regexp] # (7)
       cosign-base-image-only: [true] # (8)
+      dockerfile: [Dockerfile] # (9)
+      context: [.] # (10)
 ```
 
 1. Replace this with the actual name of the image, usually something like the
@@ -113,6 +115,8 @@ jobs:
    of our orga, add a more specific regexp if you feel the need.
 8. Pass `--base-image-only` to cosign if you are copying binaries from a
    source image that isn't signed with cosign.
+9. Specify the path to the Dockerfile if it isn't in the root of the repository.
+10. Specify the context directory for Docker build.
 
 As a last step, it is recommended to add `trivy.*` to both your `.gitignore`
 and `.dockerignore` files so trivy can't interfere with multi-stage builds.