Merge pull request #83 from docker/update-actions-toolkit

crazy-max · web-flow · commit 4d4e9f32008e · 2026-01-13T15:32:56.000+01:00
update actions-toolkit to 0.73.0
diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml
@@ -141,7 +141,7 @@ env:
   BUILDKIT_IMAGE: "moby/buildkit:master@sha256:bdefeba47634c596286beabe68219708ed364c4f1a5e4e9a2e160274712a0e89" # TODO: pin to a specific version when signed gha cache feature is available
   SBOM_IMAGE: "docker/buildkit-syft-scanner:1.9.0"
   BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.0.4-56"
-  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.72.0"
+  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.73.0"
   COSIGN_VERSION: "v3.0.2"
   LOCAL_EXPORT_DIR: "/tmp/buildx-output"
   MATRIX_SIZE_LIMIT: "20"
@@ -690,10 +690,9 @@ jobs:
               imageDigest: inpImageDigest
             });
             
-            const verifyResults = await sigstore.verifySignedManifests(
-              { certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/bake.yml.*$` },
-              signResults
-            );
+            const verifyResults = await sigstore.verifySignedManifests(signResults, {
+              certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/bake.yml.*$`
+            });
             
             await core.group(`Verify commands`, async () => {
               const verifyCommands = [];
@@ -722,10 +721,9 @@ jobs:
               localExportDir: inplocalExportDir
             });
             
-            const verifyResults = await sigstore.verifySignedArtifacts(
-              { certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/bake.yml.*$` },
-              signResults
-            );
+            const verifyResults = await sigstore.verifySignedArtifacts(signResults, {
+              certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/bake.yml.*$`
+            });
             
             await core.group(`Verify commands`, async () => {
               const verifyCommands = [];
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -148,7 +148,7 @@ env:
   BUILDKIT_IMAGE: "moby/buildkit:master@sha256:bdefeba47634c596286beabe68219708ed364c4f1a5e4e9a2e160274712a0e89" # TODO: pin to a specific version when signed gha cache feature is available
   SBOM_IMAGE: "docker/buildkit-syft-scanner:1.9.0"
   BINFMT_IMAGE: "tonistiigi/binfmt:qemu-v10.0.4-56"
-  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.72.0"
+  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.73.0"
   COSIGN_VERSION: "v3.0.2"
   LOCAL_EXPORT_DIR: "/tmp/buildx-output"
   MATRIX_SIZE_LIMIT: "20"
@@ -592,10 +592,9 @@ jobs:
               imageDigest: inpImageDigest
             });
             
-            const verifyResults = await sigstore.verifySignedManifests(
-              { certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$` },
-              signResults
-            );
+            const verifyResults = await sigstore.verifySignedManifests(signResults, {
+              certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$`
+            });
             
             await core.group(`Verify commands`, async () => {
               const verifyCommands = [];
@@ -624,10 +623,9 @@ jobs:
               localExportDir: inplocalExportDir
             });
             
-            const verifyResults = await sigstore.verifySignedArtifacts(
-              { certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$` },
-              signResults
-            );
+            const verifyResults = await sigstore.verifySignedArtifacts(signResults, {
+              certificateIdentityRegexp: `^https://github.com/docker/github-builder-experimental/.github/workflows/build.yml.*$`
+            });
             
             await core.group(`Verify commands`, async () => {
               const verifyCommands = [];
diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml
@@ -13,7 +13,7 @@ on:
         required: false
 
 env:
-  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.72.0"
+  DOCKER_ACTIONS_TOOLKIT_MODULE: "@docker/actions-toolkit@0.73.0"
 
 jobs:
   verify:
