mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-23 05:41:19 -05:00
57 lines
1.2 KiB
Bash
57 lines
1.2 KiB
Bash
|
#!/usr/bin/env bash
|
||
|
|
||
|
set -euo pipefail
|
||
|
shopt -s inherit_errexit
|
||
|
|
||
|
# buildImage <apko_config_path>
|
||
|
function buildImage() {
|
||
|
local imageConfig=$1
|
||
|
|
||
|
echo "Building image for ${imageConfig}"
|
||
|
|
||
|
local imageName
|
||
|
imageName=$(basename "${imageConfig}" | cut -d. -f1)
|
||
|
registryPath="${REGISTRY}/edgelesssys/apko-${imageName}"
|
||
|
outTar="${imageName}.tar"
|
||
|
|
||
|
mkdir -p "sboms/${imageName}"
|
||
|
|
||
|
# build the image
|
||
|
docker run \
|
||
|
-v "${PWD}":/work \
|
||
|
cgr.dev/chainguard/apko:"${APKO_TAG}" \
|
||
|
build \
|
||
|
"${imageConfig}" \
|
||
|
--build-arch "${APKO_ARCH}" \
|
||
|
--sbom \
|
||
|
"${registryPath}" \
|
||
|
"${outTar}"
|
||
|
|
||
|
# push container
|
||
|
docker load < "${outTar}"
|
||
|
docker push "${registryPath}"
|
||
|
imageDigest=$(docker inspect --format='{{index .RepoDigests 0}}' "${registryPath}")
|
||
|
echo "${imageDigest}" >> "${GITHUB_STEP_SUMMARY}"
|
||
|
|
||
|
# cosign the container and push to registry
|
||
|
cosign sign \
|
||
|
--key env://COSIGN_PRIVATE_KEY \
|
||
|
"${imageDigest}" \
|
||
|
-y
|
||
|
|
||
|
# move sboms to folder
|
||
|
mv sbom-*.* "sboms/${imageName}/"
|
||
|
}
|
||
|
|
||
|
mkdir "sboms"
|
||
|
|
||
|
if [[ -n ${APKO_CONFIG} ]]; then
|
||
|
buildImage "${APKO_CONFIG}"
|
||
|
exit 0
|
||
|
fi
|
||
|
|
||
|
echo "Building all images in image"
|
||
|
for imageConfig in apko/*.yaml; do
|
||
|
buildImage "${imageConfig}"
|
||
|
done
|