Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
32f2d53
add: github action to publish docker image
nevil-mathew Aug 6, 2025
b7f6970
Merge pull request #784 from ELEVATE-Project/githib-actions
nevil-mathew Aug 6, 2025
020da8d
Update docker-image.yml
nevil-mathew Aug 6, 2025
35df28e
chore(ci): allow Docker build from specified branch with default staging
nevil-mathew Oct 15, 2025
b8f4948
fix: get-version safely
nevil-mathew Oct 15, 2025
f7d7bf3
Merge pull request #842 from ELEVATE-Project/update-github-work
nevil-mathew Oct 15, 2025
0ebebe1
Merge pull request #855 from ELEVATE-Project/develop
nevil-mathew Oct 27, 2025
6eeb08a
Merge pull request #859 from ELEVATE-Project/develop
nevil-mathew Oct 28, 2025
a3bcc4a
Merge pull request #861 from ELEVATE-Project/develop
nevil-mathew Oct 28, 2025
bc9ff33
Simplify version retrieval in Docker workflow
nevil-mathew Oct 31, 2025
f78daa7
Merge pull request #863 from ELEVATE-Project/docker-workflow
nevil-mathew Oct 31, 2025
3c9ed3d
Merge pull request #760 from ELEVATE-Project/staging
nevil-mathew Nov 18, 2025
d66e074
Merge pull request #866 from ELEVATE-Project/develop
nevil-mathew Mar 5, 2026
13a22f2
Merge pull request #877 from ELEVATE-Project/develop
nevil-mathew Mar 5, 2026
d9066aa
udpated: github actions
nevil-mathew Mar 5, 2026
68fcbfa
updated: github actions
nevil-mathew Mar 5, 2026
cdb3284
Merge pull request #878 from ELEVATE-Project/github-ac
nevil-mathew Mar 5, 2026
200f719
updated: github actions
nevil-mathew Mar 5, 2026
b7bc66c
added: prod release job
nevil-mathew Mar 6, 2026
7a6321d
updated: prod relase action
nevil-mathew Mar 6, 2026
6203236
updated: release job
nevil-mathew Mar 6, 2026
f942210
update: release action
nevil-mathew Mar 6, 2026
dca3785
Merge pull request #879 from ELEVATE-Project/github-ac
nevil-mathew Mar 6, 2026
3ae42a3
Merge pull request #880 from ELEVATE-Project/staging
nevil-mathew Mar 6, 2026
d4c4bc8
update: upgrade SonarCloud orb and change Ubuntu image version
nevil-mathew Apr 2, 2026
2a82b54
Merge pull request #883 from ELEVATE-Project/sonar-ci
nevil-mathew Apr 2, 2026
cbadf99
update: add fetch-depth to checkout step in CircleCI config
nevil-mathew Apr 2, 2026
33f3c1b
update: change checkout method to full in CircleCI config
nevil-mathew Apr 2, 2026
bc7f2be
Merge pull request #884 from ELEVATE-Project/sonar-ci
nevil-mathew Apr 2, 2026
bd40501
Merge pull request #889 from ELEVATE-Project/develop
nevil-mathew Jun 26, 2026
83aa5fe
Merge pull request #892 from ELEVATE-Project/develop
nevil-mathew Jul 15, 2026
8e1b61f
Merge pull request #895 from ELEVATE-Project/develop
nevil-mathew Jul 15, 2026
79cf8c9
Merge pull request #902 from ELEVATE-Project/staging
nevil-mathew Jul 17, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ jobs:
steps:
- checkout:
path: ~/user
method: full
- restore_cache:
key: user-dependency-cache-{{ checksum "src/package.json" }}
- run:
Expand Down
134 changes: 134 additions & 0 deletions .github/workflows/docker-image.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,134 @@
name: Build, Tag, and Push Docker Image

on:
workflow_dispatch:
inputs:
tag_version:
description: 'Docker image tag version (e.g., 3.3.11)'
required: true
branch:
description: 'Branch to build from (default: staging)'
required: false
default: 'staging'

env:
DOCKER_IMAGE_NAME: elevate-user
DOCKER_REGISTRY: docker.io
DOCKER_NAMESPACE: shikshalokamqa

permissions:
contents: write

jobs:
docker-image-build-and-push:
runs-on: ubuntu-latest

steps:
- name: Checkout code from target branch
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.branch || 'staging' }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Get Docker tag version
id: get-version
shell: bash
run: |
VERSION="${{ github.event.inputs.tag_version }}"
# Strip leading "v" if present
VERSION="${VERSION#v}"
Comment on lines +43 to +47

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Prevent code injection via template expansion.

Interpolating github.event.inputs.tag_version directly into the bash script can lead to command injection if the input contains malicious characters. Passing the input via an environment variable is the recommended secure pattern.

🛡️ Proposed fix to pass input via environment variable
     - name: Get Docker tag version
       id: get-version
       shell: bash
+      env:
+        TAG_VERSION: ${{ github.event.inputs.tag_version }}
       run: |
-        VERSION="${{ github.event.inputs.tag_version }}"
+        VERSION="$TAG_VERSION"
         # Strip leading "v" if present
         VERSION="${VERSION#v}"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
shell: bash
run: |
VERSION="${{ github.event.inputs.tag_version }}"
# Strip leading "v" if present
VERSION="${VERSION#v}"
shell: bash
env:
TAG_VERSION: ${{ github.event.inputs.tag_version }}
run: |
VERSION="$TAG_VERSION"
# Strip leading "v" if present
VERSION="${VERSION#v}"
🧰 Tools
🪛 zizmor (1.26.1)

[error] 45-45: code injection via template expansion (template-injection): may expand into attacker-controllable code

(template-injection)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-image.yml around lines 43 - 47, Update the workflow
step containing the VERSION assignment to pass github.event.inputs.tag_version
through the step’s environment instead of interpolating it directly in the bash
script. Read the environment variable within the script, then preserve the
existing leading “v” removal behavior without changing the resulting version
value.

Source: Linters/SAST tools

# Enforce x.y.z or x.y.z-rc.1 format
if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$ ]]; then
echo "Error: tag_version must look like 3.4.0 or 3.4.0-rc.1 (no other suffixes allowed)"
exit 1
fi
printf 'version=%s\n' "$VERSION" >> "$GITHUB_OUTPUT"

- name: Check if Git tag already exists
run: |
VERSION="${{ steps.get-version.outputs.version }}"
git fetch --tags
if git rev-parse "$VERSION" >/dev/null 2>&1; then

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Strictly check for Git tags to avoid branch collisions.

Using git rev-parse "$VERSION" will also return success if a branch exists with the same name as the version. To exclusively check for a tag, prefix the version with refs/tags/.

💚 Proposed fix to check tags strictly
-        if git rev-parse "$VERSION" >/dev/null 2>&1; then
+        if git rev-parse "refs/tags/$VERSION" >/dev/null 2>&1; then
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if git rev-parse "$VERSION" >/dev/null 2>&1; then
if git rev-parse "refs/tags/$VERSION" >/dev/null 2>&1; then
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-image.yml at line 59, Update the Git reference
check in the workflow’s VERSION validation to resolve only refs/tags/$VERSION
rather than the ambiguous $VERSION name. Preserve the existing success/failure
branching while ensuring branches with matching names cannot satisfy the tag
check.

echo "Error: Git tag $VERSION already exists"
exit 1
fi

- name: Check if version exists on Docker Hub
run: |
VERSION="${{ steps.get-version.outputs.version }}"

LOGIN_RESPONSE=$(curl -s -w "\n%{http_code}" \
-X POST \
-H "Content-Type: application/json" \
-d '{"username": "${{ secrets.DOCKERHUB_USERNAME }}", "password": "${{ secrets.DOCKERHUB_TOKEN }}"}' \
"https://hub.docker.com/v2/users/login")
Comment on lines +68 to +72

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Build JSON safely to prevent breakage or injection.

Constructing the JSON payload manually with string interpolation breaks if the Docker Hub token contains special characters (like quotes or backslashes), leading to invalid JSON and a failed login. Use jq --arg to safely encode the payload, matching the pattern applied in the promotion workflow (prod-release.yml).

🔧 Proposed fix for robust JSON construction
-        LOGIN_RESPONSE=$(curl -s -w "\n%{http_code}" \
-          -X POST \
-          -H "Content-Type: application/json" \
-          -d '{"username": "${{ secrets.DOCKERHUB_USERNAME }}", "password": "${{ secrets.DOCKERHUB_TOKEN }}"}' \
-          "https://hub.docker.com/v2/users/login")
+        LOGIN_RESPONSE=$(jq -n \
+          --arg username "${{ secrets.DOCKERHUB_USERNAME }}" \
+          --arg password "${{ secrets.DOCKERHUB_TOKEN }}" \
+          '{"username": $username, "password": $password}' \
+          | curl -s -w "\n%{http_code}" \
+              -X POST \
+              -H "Content-Type: application/json" \
+              -d `@-` \
+              "https://hub.docker.com/v2/users/login")
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
LOGIN_RESPONSE=$(curl -s -w "\n%{http_code}" \
-X POST \
-H "Content-Type: application/json" \
-d '{"username": "${{ secrets.DOCKERHUB_USERNAME }}", "password": "${{ secrets.DOCKERHUB_TOKEN }}"}' \
"https://hub.docker.com/v2/users/login")
LOGIN_RESPONSE=$(jq -n \
--arg username "${{ secrets.DOCKERHUB_USERNAME }}" \
--arg password "${{ secrets.DOCKERHUB_TOKEN }}" \
'{"username": $username, "password": $password}' \
| curl -s -w "\n%{http_code}" \
-X POST \
-H "Content-Type: application/json" \
-d `@-` \
"https://hub.docker.com/v2/users/login")
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/docker-image.yml around lines 68 - 72, Update the
LOGIN_RESPONSE curl request in the Docker image workflow to construct the login
payload with jq --arg, passing the Docker Hub username and token as arguments
and emitting valid JSON. Preserve the existing login endpoint and response
handling while avoiding manual interpolation of secret values.

LOGIN_HTTP=$(echo "$LOGIN_RESPONSE" | tail -n1)
LOGIN_BODY=$(echo "$LOGIN_RESPONSE" | head -n-1)

if [ "$LOGIN_HTTP" -ne 200 ]; then
echo "Error: Docker Hub login failed with HTTP $LOGIN_HTTP"
exit 1
fi

TOKEN=$(echo "$LOGIN_BODY" | jq -r .token)
if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
echo "Error: Docker Hub login succeeded but returned no token"
exit 1
fi

RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer $TOKEN" \
"https://hub.docker.com/v2/namespaces/${{ env.DOCKER_NAMESPACE }}/repositories/${{ env.DOCKER_IMAGE_NAME }}/tags/$VERSION")

if [ "$RESPONSE" -eq 200 ]; then
echo "Error: Tag $VERSION already exists on Docker Hub"
exit 1
elif [ "$RESPONSE" -eq 404 ]; then
echo "Tag $VERSION not found on Docker Hub — safe to push"
else
echo "Error: Unexpected HTTP $RESPONSE from Docker Hub tag check; aborting to fail safe"
exit 1
fi

- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_NAMESPACE }}/${{ env.DOCKER_IMAGE_NAME }}
tags: |
type=raw,value=${{ steps.get-version.outputs.version }}

- name: Build and push Docker image
id: build
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Create and push Git tag
run: |
VERSION="${{ steps.get-version.outputs.version }}"
git config user.name "github-actions"
git config user.email "github-actions@github.com"
git tag -a "$VERSION" -m "Release $VERSION"
git push origin "$VERSION"

- name: Job summary
run: |
echo "### Docker Image Published 🚀" >> $GITHUB_STEP_SUMMARY
echo "**Tag:** ${{ steps.get-version.outputs.version }}" >> $GITHUB_STEP_SUMMARY
echo "**Digest:** ${{ steps.build.outputs.digest }}" >> $GITHUB_STEP_SUMMARY
154 changes: 154 additions & 0 deletions .github/workflows/prod-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,154 @@
name: Promote RC to Production Release

on:
workflow_dispatch:
inputs:
rc_tag:
description: "Approved RC tag (example: 3.4.0-rc.2)"
required: true

env:
DOCKER_IMAGE_NAME: elevate-user
DOCKER_REGISTRY: docker.io
DOCKER_NAMESPACE: shikshalokamqa

permissions:
contents: write

concurrency:
group: promote
cancel-in-progress: false

jobs:
promote:
runs-on: ubuntu-latest

steps:
- name: Validate RC tag
id: version
env:
RC_TAG: ${{ github.event.inputs.rc_tag }}
run: |
if ! [[ "$RC_TAG" =~ ^([0-9]+\.[0-9]+\.[0-9]+)-rc\.[0-9]+$ ]]; then
echo "Invalid rc_tag format. Must look like 3.4.0-rc.2"
exit 1
fi
RELEASE_TAG=$(echo "$RC_TAG" | sed 's/-rc\.[0-9]*//')
echo "rc=$RC_TAG" >> $GITHUB_OUTPUT
echo "release=$RELEASE_TAG" >> $GITHUB_OUTPUT

- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Verify RC commit exists in main
id: verify
run: |
RC_TAG="${{ steps.version.outputs.rc }}"
git fetch origin main --tags
RC_COMMIT=$(git rev-list -n 1 "$RC_TAG")
if git merge-base --is-ancestor "$RC_COMMIT" origin/main; then
echo "RC commit is present in main — safe to promote."
else
echo "Error: RC tag commit is NOT in main."
echo "Merge staging → main before promoting."
exit 1
fi
echo "rc_commit=$RC_COMMIT" >> $GITHUB_OUTPUT

- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Check RC image exists and production tag is absent on Docker Hub
run: |
RC_TAG="${{ steps.version.outputs.rc }}"
RELEASE_TAG="${{ steps.version.outputs.release }}"

# FIX 1: Build JSON safely with jq --arg to avoid special-character injection
LOGIN_RESPONSE=$(jq -n \
--arg username "${{ secrets.DOCKERHUB_USERNAME }}" \
--arg password "${{ secrets.DOCKERHUB_TOKEN }}" \
'{"username": $username, "password": $password}' \
| curl -s -w "\n%{http_code}" \
-X POST \
-H "Content-Type: application/json" \
-d @- \
"https://hub.docker.com/v2/users/login")
Comment on lines +71 to +80

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Pass secrets via environment variables to prevent shell injection and corruption.

Injecting secrets directly into the run script using ${{ }} evaluates them before bash runs. If the secrets contain special characters (like ", $, or backticks), they will be interpreted by bash, which can silently corrupt the credentials or cause script failures. This undoes the safety gained by using jq --arg.

Instead, map the secrets to the step's env context and reference them as bash variables.

🔒 Proposed fix
     - name: Check RC image exists and production tag is absent on Docker Hub
+      env:
+        DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
+        DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }}
       run: |
         RC_TAG="${{ steps.version.outputs.rc }}"
         RELEASE_TAG="${{ steps.version.outputs.release }}"
 
         # FIX 1: Build JSON safely with jq --arg to avoid special-character injection
         LOGIN_RESPONSE=$(jq -n \
-          --arg username "${{ secrets.DOCKERHUB_USERNAME }}" \
-          --arg password "${{ secrets.DOCKERHUB_TOKEN }}" \
+          --arg username "$DOCKER_USER" \
+          --arg password "$DOCKER_PASS" \
           '{"username": $username, "password": $password}' \
           | curl -s -w "\n%{http_code}" \
               -X POST \
               -H "Content-Type: application/json" \
               -d `@-` \
               "https://hub.docker.com/v2/users/login")
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# FIX 1: Build JSON safely with jq --arg to avoid special-character injection
LOGIN_RESPONSE=$(jq -n \
--arg username "${{ secrets.DOCKERHUB_USERNAME }}" \
--arg password "${{ secrets.DOCKERHUB_TOKEN }}" \
'{"username": $username, "password": $password}' \
| curl -s -w "\n%{http_code}" \
-X POST \
-H "Content-Type: application/json" \
-d @- \
"https://hub.docker.com/v2/users/login")
env:
DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }}
run: |
# FIX 1: Build JSON safely with jq --arg to avoid special-character injection
LOGIN_RESPONSE=$(jq -n \
--arg username "$DOCKER_USER" \
--arg password "$DOCKER_PASS" \
'{"username": $username, "password": $password}' \
| curl -s -w "\n%{http_code}" \
-X POST \
-H "Content-Type: application/json" \
-d `@-` \
"https://hub.docker.com/v2/users/login")
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/prod-release.yml around lines 71 - 80, Update the
LOGIN_RESPONSE step to pass DOCKERHUB_USERNAME and DOCKERHUB_TOKEN through the
step’s env mapping, then reference those bash variables in the jq --arg
arguments instead of embedding GitHub secret expressions directly in the run
script. Preserve the existing jq-based JSON construction and curl request.

LOGIN_HTTP=$(echo "$LOGIN_RESPONSE" | tail -n1)
LOGIN_BODY=$(echo "$LOGIN_RESPONSE" | head -n-1)

if [ "$LOGIN_HTTP" -ne 200 ]; then
echo "Error: Docker Hub login failed with HTTP $LOGIN_HTTP"
exit 1
fi

TOKEN=$(echo "$LOGIN_BODY" | jq -r .token)
if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
echo "Error: Docker Hub login succeeded but returned no token"
exit 1
fi

# Verify RC image exists
RC_RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer $TOKEN" \
"https://hub.docker.com/v2/namespaces/${{ env.DOCKER_NAMESPACE }}/repositories/${{ env.DOCKER_IMAGE_NAME }}/tags/$RC_TAG")
if [ "$RC_RESPONSE" -eq 404 ]; then
echo "Error: RC image $RC_TAG not found on Docker Hub"
exit 1
elif [ "$RC_RESPONSE" -ne 200 ]; then
echo "Error: Unexpected HTTP $RC_RESPONSE checking RC image — aborting to fail safe"
exit 1
fi
echo "RC image $RC_TAG confirmed on Docker Hub."

# Verify production tag does not already exist
PROD_RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \
-H "Authorization: Bearer $TOKEN" \
"https://hub.docker.com/v2/namespaces/${{ env.DOCKER_NAMESPACE }}/repositories/${{ env.DOCKER_IMAGE_NAME }}/tags/$RELEASE_TAG")
if [ "$PROD_RESPONSE" -eq 200 ]; then
echo "Error: Production tag $RELEASE_TAG already exists on Docker Hub"
exit 1
elif [ "$PROD_RESPONSE" -ne 404 ]; then
echo "Error: Unexpected HTTP $PROD_RESPONSE checking production tag — aborting to fail safe"
exit 1
fi
echo "Production tag $RELEASE_TAG is absent — safe to promote."

# FIX 2: Replace pull/tag/push with imagetools create to preserve multi-arch manifest
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Retag RC image as production (multi-arch)
run: |
docker buildx imagetools create \
--tag ${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_NAMESPACE }}/${{ env.DOCKER_IMAGE_NAME }}:${{ steps.version.outputs.release }} \
${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_NAMESPACE }}/${{ env.DOCKER_IMAGE_NAME }}:${{ steps.version.outputs.rc }}

- name: Create production Git tag
run: |
VERSION="${{ steps.version.outputs.release }}"
git config user.name "github-actions"
git config user.email "github-actions@github.com"
git fetch --tags
if git rev-parse "$VERSION" >/dev/null 2>&1; then
echo "Error: Git tag $VERSION already exists"
exit 1
fi
git tag -a "$VERSION" "${{ steps.verify.outputs.rc_commit }}" -m "Release $VERSION"
git push origin "$VERSION"

- name: Job summary
run: |
# FIX 3: Use imagetools inspect to get digest from remote (image not pulled locally)
DIGEST=$(docker buildx imagetools inspect \
${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_NAMESPACE }}/${{ env.DOCKER_IMAGE_NAME }}:${{ steps.version.outputs.release }} \
--format '{{json .Manifest}}' \
| jq -r '.digest')
echo "### Production Promotion Complete 🚀" >> $GITHUB_STEP_SUMMARY
echo "**RC Image:** ${{ steps.version.outputs.rc }}" >> $GITHUB_STEP_SUMMARY
echo "**Release Image:** ${{ steps.version.outputs.release }}" >> $GITHUB_STEP_SUMMARY
echo "**Digest:** $DIGEST" >> $GITHUB_STEP_SUMMARY
Loading