github-actions-library/.github/workflows/docker-ci.yml
Greg Hendrickson 03325f5784 feat(docker): add Docker CI/CD reusable workflow
- OIDC authentication to GHCR (keyless, no secrets required)
- Multi-platform builds (linux/amd64, linux/arm64)
- SBOM generation and attestation
- Build provenance attestation
- Trivy vulnerability scanning with SARIF upload
- GitHub Actions cache for layer reuse
- Semantic version tagging from git refs
- All actions pinned to SHA for supply chain security

Follows 2026 GitHub Actions security best practices:
- Pin dependencies by SHA
- Generate software attestations
- Scan for vulnerabilities before push
2026-02-08 18:02:08 +00:00

7.3 KiB