ci: update permissions

aoudiamoncef · Jun 19, 2024 · b9d648c · b9d648c
1 parent 8c2bd96
commit b9d648c
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 15 deletions.
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -8,6 +8,11 @@ on:
 jobs:
   docker:
     runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      attestations: write
+      id-token: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -39,25 +44,19 @@ jobs:
             aoudiamoncef/ubuntu-sshd
             ghcr.io/${{ github.repository }}/ubuntu-sshd
 
-      - name: Build and push to Docker Hub
+      - name: Build and push to Docker Hub and GitHub Container Registry
         uses: docker/build-push-action@v5
         with:
           context: .
           push: true
-          tags: aoudiamoncef/ubuntu-sshd:latest
-          labels: ${{ steps.meta.outputs.labels }}
-
-      - name: Build and push to GitHub Container Registry
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: true
-          tags: ghcr.io/${{ github.repository }}/ubuntu-sshd:latest
+          tags: |
+            aoudiamoncef/ubuntu-sshd:latest
+            ghcr.io/${{ github.repository }}/ubuntu-sshd:latest
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:
           subject-name: ghcr.io/${{ github.repository }}/ubuntu-sshd
-          subject-digest: ${{ steps.push.outputs.digest }}
-          push-to-registry: true
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: |
             aoudiamoncef/ubuntu-sshd
@@ -32,4 +32,4 @@ jobs:
           context: .
           push: false
           tags: aoudiamoncef/ubuntu-sshd:pr-${{ github.event.number }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/README.md b/README.md
@@ -1,6 +1,7 @@
 # SSH-Enabled Ubuntu Docker Image
 
-[![Docker Image Deployment](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/ci_cd.yml/badge.svg)](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/ci_cd.yml)
+[![Docker Image CI](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/ci_cd.yml/badge.svg)](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/ci.yml)
+[![Docker Image Deployment](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/ci_cd.yml/badge.svg)](https://github.com/aoudiamoncef/ubuntu-sshd/actions/workflows/cd.yml)
 [![Docker Pulls](https://img.shields.io/docker/pulls/aoudiamoncef/ubuntu-sshd.svg)](https://hub.docker.com/r/aoudiamoncef/ubuntu-sshd)
 [![Maintenance](https://img.shields.io/badge/Maintained-Yes-green.svg)](https://github.com/aoudiamoncef/ubuntu-sshd)