constellation/.github/workflows/build-verification-service.yml

name: Build and upload verification-service image

on:
  workflow_dispatch:
  push:
    branches:
      - main
      - "release/**"
    paths:
      - "verify/**"
      - "internal/**"
      - "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
      - ".github/workflows/build-verification-service.yml"

jobs:
  build-verification-service:
    runs-on: ubuntu-22.04
    permissions:
      contents: read
      packages: write
    steps:
      - name: Check out repository
        id: checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Setup Go environment
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: "1.20.2"

      - name: Build and upload verification-service container image
        id: build-and-upload
        uses: ./.github/actions/build_micro_service_ko
        with:
          name: verification-service
          koTarget: ./verify/cmd
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00			`name: Build and upload verification-service image`

			`on:`
			`workflow_dispatch:`
			`push:`
			`branches:`
			`- main`
Run tests on push to release branch Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-10-18 10:17:41 -04:00			`- "release/**"`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00			`paths:`
			`- "verify/**"`
ci: build microservices on change of pkg internal Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-12-02 04:44:15 -05:00			`- "internal/**"`
ci: fix rebuild loop of microservice images Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-04 09:49:51 -05:00			`- "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops`
ci: trigger builds on workflow change Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-31 10:44:18 -05:00			`- ".github/workflows/build-verification-service.yml"`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00
			`jobs:`
Rename all activation 2022-07-05 08:13:19 -04:00			`build-verification-service:`
Update GitHub workflow runners to Ubuntu 22.04 (#513) * Update all GitHub action runners to ubuntu-22.04 * Fix license checker script for grep >3.4 2022-11-10 10:55:24 -05:00			`runs-on: ubuntu-22.04`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00			`permissions:`
			`contents: read`
			`packages: write`
			`steps:`
			`- name: Check out repository`
			`id: checkout`
deps: update GitHub action dependencies (#1499) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-22 12:57:47 -04:00			`uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0`
ci: checkout with head ref Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 11:22:26 -05:00			`with:`
ci: don't checkout head ref for PRs from forks 2022-12-19 09:21:28 -05:00			`ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref \|\| '' }}`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00			`- name: Setup Go environment`
Update GitHub action dependencies (#778) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-12-14 08:55:14 -05:00			`uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0`
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00			`with:`
deps: update to Go 1.20.2 (#1366) Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-08 04:05:36 -05:00			`go-version: "1.20.2"`
CI/E2E: (Re)move redunant setup steps 2022-09-14 09:14:26 -04:00
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00			`- name: Build and upload verification-service container image`
			`id: build-and-upload`
ci: reproducible builds integration (#1108) * remove `-ko` suffix from workflows * integrate into `release.yaml` * adjust helm charts to use hard coded `ko` binary path 2023-01-30 10:58:49 -05:00			`uses: ./.github/actions/build_micro_service_ko`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00			`with:`
			`name: verification-service`
ci: reproducible builds integration (#1108) * remove `-ko` suffix from workflows * integrate into `release.yaml` * adjust helm charts to use hard coded `ko` binary path 2023-01-30 10:58:49 -05:00			`koTarget: ./verify/cmd`
AB#2190 Verification service (#232) * Add verification service * Update verify command to use new Constellation verification service * Deploy verification service on cluster init * Update pcr-reader to use verification service * Add verification service build workflow Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-28 11:03:28 -04:00			`githubToken: ${{ secrets.GITHUB_TOKEN }}`
sbom signing (#303) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-10-21 09:19:51 -04:00			`cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY \|\| secrets.COSIGN_DEV_PUBLIC_KEY }}`
			`cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY \|\| secrets.COSIGN_DEV_PRIVATE_KEY }}`
			`cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD \|\| secrets.COSIGN_DEV_PASSWORD }}`