Skip to content

feat(docker-build-cloud): add checksum output #125

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
aghiles-ait wants to merge 2 commits into from
+24 −0
Closed

feat(docker-build-cloud): add checksum output #125

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f885b52
feat(docker-build-cloud): expose checksum output of the pushed image
aghiles-ait Jun 23, 2026
879926c
fix: add newline
aghiles-ait Jun 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions .github/workflows/docker-build-cloud.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,10 +38,16 @@ on:
dockerhub-password:
description: "DockerHub PAT with Build scope (required to authenticate to Docker Build Cloud endpoint)"
required: true
outputs:
checksum:
description: "Checksum (0x<sha256-hex>) of the pushed multi-arch image index"
value: ${{ jobs.build.outputs.checksum }}

jobs:
build:
runs-on: ubuntu-latest
outputs:
checksum: ${{ steps.checksum.outputs.checksum }}

steps:
- name: Checkout Repository
Expand All @@ -62,6 +68,7 @@ jobs:
endpoint: ${{ inputs.cloud-builder-endpoint }}

- name: Build and push multi-platform image
id: build
uses: docker/build-push-action@v7
with:
build-args: ${{ inputs.build-args }}
Expand All @@ -70,3 +77,13 @@ jobs:
platforms: ${{ inputs.platforms }}
push: true
tags: ${{ inputs.image-name }}:${{ inputs.image-tag }}

- name: Compute checksum of the Docker image
id: checksum
# avoid shell injection through string interpolation
env:
DIGEST: ${{ steps.build.outputs.digest }}
run: |
# build-push-action returns the pushed multi-arch INDEX digest as "sha256:<hex>".
# Expose it as "0x<hex>" to match the docker-build.yml output format.
echo "checksum=0x${DIGEST#sha256:}" | tee -a "$GITHUB_OUTPUT"
7 changes: 7 additions & 0 deletions docker-build-cloud/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ This reusable GitHub Actions workflow builds and pushes a multi-platform Docker
- 🔐 Authenticates to DockerHub for both registry push and DBC endpoint access
- 🏷️ Tags the image with `<image-name>:<image-tag>`
- 🚀 No QEMU emulation, no native ARM runners — DBC handles arch-specific builds
- 🧾 Exposes the pushed multi-arch image index digest as a `checksum` output

> [!IMPORTANT]
> Requires a Docker Build Cloud subscription and a builder configured in your DockerHub organization. The DockerHub PAT must have the **Build** scope to authenticate to the cloud endpoint.
Expand All @@ -33,6 +34,12 @@ This reusable GitHub Actions workflow builds and pushes a multi-platform Docker
| `dockerhub-username` | Username for Docker Hub authentication | Yes |
| `dockerhub-password` | Personal Access Token for Docker Hub with the **Build** scope (needed for DBC endpoint) | Yes |

## 📤 Outputs

| Name | Description |
| ---------- | ----------------------------------------------------------------- |
| `checksum` | Checksum (`0x<sha256-hex>`) of the pushed multi-arch image index |

## 💻 Example Usage

```yaml
Expand Down