chore: fix login image with sha release (#10157)

# Which Problems Are Solved Fixes the releasing of multi-architecture login images. # How the Problems Are Solved - The login-container workflow extends the bake definition with a file docker-bake-release.hcl wich adds the platforms linux/arm and linux/amd to all relevant build targets. The used technique is similar to how the docker metadata action allows to extend the bake definitions. - The local login tag is moved to the metadata bake target, which is always inherited and overwritten in the pipeline - Packages write permission is added # Additional Changes - The MIT license is noted in container labels and annotations - The Image is built from root so that the local proto files are used --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-08-11 14:37:34 +00:00 · 2025-07-03 13:10:10 +02:00
parent 47f0486ee8
commit 12656235e2
6 changed files with 40 additions and 16 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -86,7 +86,7 @@ jobs:
      actions: write
      id-token: write
    with:
-      ignore-run-cache:  ${{ github.event_name == 'workflow_dispatch' }}
+      ignore-run-cache:  ${{ github.event_name == 'workflow_dispatch' || fromJSON(github.run_attempt) > 1 }}
      node_version: "20"

  container:
@@ -106,7 +106,7 @@ jobs:
      packages: write
      id-token: write
    with:
-      login_build_image_name: "ghcr.io/zitadel/login-build"
+      login_build_image_name: "ghcr.io/zitadel/zitadel-login-build"
      node_version: "20"

  e2e:
@@ -133,5 +133,5 @@ jobs:
      image_name: "ghcr.io/zitadel/zitadel"
      google_image_name: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel"
      build_image_name_login: ${{ needs.login-container.outputs.login_build_image }}
-      image_name_login: "ghcr.io/zitadel/login"
-      google_image_name_login: europe-docker.pkg.dev/zitadel-common/zitadel-repo/login
+      image_name_login: "ghcr.io/zitadel/zitadel-login"
+      google_image_name_login: "europe-docker.pkg.dev/zitadel-common/zitadel-repo/zitadel-login"
--- a/.github/workflows/login-container.yml
+++ b/.github/workflows/login-container.yml
@@ -22,6 +22,7 @@ env:
  default_labels: |
    org.opencontainers.image.documentation=https://zitadel.com/docs
    org.opencontainers.image.vendor=CAOS AG
+    org.opencontainers.image.licenses=MIT

 jobs:
  login-container:
@@ -29,6 +30,7 @@ jobs:
    runs-on: depot-ubuntu-22.04-8
    permissions:
      id-token: write
+      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: depot/setup-action@v1
@@ -40,6 +42,8 @@ jobs:
        with:
          images: ${{ inputs.login_build_image_name }}
          labels: ${{ env.default_labels}}
+          annotations: |
+            manifest:org.opencontainers.image.licenses=MIT
          tags: |
            type=sha,prefix=,suffix=,format=long
      - name: Login to Docker registry
@@ -53,11 +57,14 @@ jobs:
        env:
          NODE_VERSION: ${{ inputs.node_version }}
        with:
-          workdir: login
          push: true
+          provenance: true
+          sbom: true
          targets: login-standalone
-          set: login-standalone.platforms=[linux/amd64,linux/arm64]
+          set: login-*.context=./login/
          project: w47wkxzdtw
          files: |
+            ./login/docker-bake.hcl
+            ./login/docker-bake-release.hcl
            ./docker-bake.hcl
            cwd://${{ steps.login-meta.outputs.bake-file }}