Skip to content

Ensure all project images are generated#31

Merged
JoshuaAFerguson merged 1 commit into
mainfrom
claude/fix-image-generation-01GHF3oVACbDEzNn5RKJ8vAR
Nov 16, 2025
Merged

Ensure all project images are generated#31
JoshuaAFerguson merged 1 commit into
mainfrom
claude/fix-image-generation-01GHF3oVACbDEzNn5RKJ8vAR

Conversation

@JoshuaAFerguson

@JoshuaAFerguson JoshuaAFerguson commented Nov 16, 2025

Copy link
Copy Markdown
Member

Consolidates three separate workflows into one comprehensive pipeline that builds, signs, and publishes all container images.

Changes:

  • Fixed controller and API Dockerfiles to use TARGETARCH for proper multi-platform builds (linux/amd64 and linux/arm64)
  • Created new container-images.yml workflow that combines:
    • Multi-arch image builds with proper versioning
    • Cosign keyless signing for supply chain security
    • SBOM generation and attestation
    • Trivy vulnerability scanning
    • Helm chart updates on release
    • GitHub release creation with artifacts
  • Removed redundant workflows:
    • docker.yml (duplicated build logic)
    • build-images.yml (duplicated build logic)
    • image-signing.yml (merged into new workflow)

All images are now:

  • Built for both amd64 and arm64
  • Signed with Cosign (keyless, OIDC)
  • Scanned for vulnerabilities
  • Published with SBOMs and provenance

This ensures all StreamSpace images are properly generated by GitHub Actions with full supply chain security and multi-platform support.

@claude
feat: consolidate image builds with proper multi-arch support
bd17329 
Consolidates three separate workflows into one comprehensive pipeline
that builds, signs, and publishes all container images.

Changes:
- Fixed controller and API Dockerfiles to use TARGETARCH for proper
  multi-platform builds (linux/amd64 and linux/arm64)
- Created new container-images.yml workflow that combines:
  - Multi-arch image builds with proper versioning
  - Cosign keyless signing for supply chain security
  - SBOM generation and attestation
  - Trivy vulnerability scanning
  - Helm chart updates on release
  - GitHub release creation with artifacts
- Removed redundant workflows:
  - docker.yml (duplicated build logic)
  - build-images.yml (duplicated build logic)
  - image-signing.yml (merged into new workflow)

All images are now:
- Built for both amd64 and arm64
- Signed with Cosign (keyless, OIDC)
- Scanned for vulnerabilities
- Published with SBOMs and provenance

This ensures all StreamSpace images are properly generated by GitHub
Actions with full supply chain security and multi-platform support.
@JoshuaAFerguson JoshuaAFerguson merged commit 2a65c61 into main Nov 16, 2025
10 of 23 checks passed
@JoshuaAFerguson JoshuaAFerguson deleted the claude/fix-image-generation-01GHF3oVACbDEzNn5RKJ8vAR branch November 16, 2025 08:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JoshuaAFerguson @claude