constellation/.github/workflows/build-verification-service.yml

name: Build and upload verification-service image

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - "release/**"
    paths:
      - "verify/**"
      - "internal/**"
      - "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops

jobs:
  build-verification-service:
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      packages: write
    steps:
      - name: Check out repository
        id: checkout
        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Setup Go environment
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: "1.19.5"

      - name: Build and upload verification-service container image
        id: build-and-upload
        uses: ./.github/actions/build_micro_service
        with:
          name: verification-service
          projectVersion: "0.0.0"
          dockerfile: verify/Dockerfile
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00			`name: Build and upload verification-service image`

			`on:`
			`workflow_dispatch:`
			`push:`
			`branches:`
			`- main`
Run tests on push to release branch Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-10-18 14:17:41 +00:00			`- "release/**"`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00			`paths:`
			`- "verify/**"`
ci: build microservices on change of pkg internal Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-12-02 09:44:15 +00:00			`- "internal/**"`
ci: fix rebuild loop of microservice images Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-04 14:49:51 +00:00			`- "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00
			`jobs:`
Rename all activation 2022-07-05 12:13:19 +00:00			`build-verification-service:`
Update GitHub workflow runners to Ubuntu 22.04 (#513) * Update all GitHub action runners to ubuntu-22.04 * Fix license checker script for grep >3.4 2022-11-10 15:55:24 +00:00			`runs-on: ubuntu-22.04`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00			`permissions:`
			`contents: read`
			`packages: write`
			`steps:`
			`- name: Check out repository`
			`id: checkout`
Update GitHub action dependencies (#877) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-05 15:17:51 +00:00			`uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0`
ci: checkout with head ref Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 16:22:26 +00:00			`with:`
ci: don't checkout head ref for PRs from forks 2022-12-19 14:21:28 +00:00			`ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref \|\| '' }}`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00
CI/E2E: (Re)move redunant setup steps 2022-09-14 13:14:26 +00:00			`- name: Setup Go environment`
Update GitHub action dependencies (#778) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-12-14 13:55:14 +00:00			`uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0`
CI/E2E: (Re)move redunant setup steps 2022-09-14 13:14:26 +00:00			`with:`
deps: update Go to v1.19.5 (#949) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-12 12:36:17 +00:00			`go-version: "1.19.5"`
CI/E2E: (Re)move redunant setup steps 2022-09-14 13:14:26 +00:00
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00			`- name: Build and upload verification-service container image`
			`id: build-and-upload`
AB#2158 publish measurements (#268) * cleaned up actions and new measure action to generate, sign and upload measurements * improve constellation ip fetching to support multiple control nodes Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-07-13 12:04:46 +00:00			`uses: ./.github/actions/build_micro_service`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00			`with:`
			`name: verification-service`
CI/E2E: (Re)move redunant setup steps 2022-09-14 13:14:26 +00:00			`projectVersion: "0.0.0"`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 15:03:28 +00:00			`dockerfile: verify/Dockerfile`
			`githubToken: ${{ secrets.GITHUB_TOKEN }}`
sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 13:19:51 +00:00			`cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY \|\| secrets.COSIGN_DEV_PUBLIC_KEY }}`
			`cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY \|\| secrets.COSIGN_DEV_PRIVATE_KEY }}`
			`cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD \|\| secrets.COSIGN_DEV_PASSWORD }}`