constellation/.github/workflows/build-verification-service.yml

43 lines
1.6 KiB
YAML
Raw Normal View History

name: Build and upload verification-service image
on:
workflow_dispatch:
push:
branches:
- main
- "release/**"
paths:
- "verify/**"
- "internal/**"
- "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
- ".github/workflows/build-verification-service.yml"
jobs:
2022-07-05 08:13:19 -04:00
build-verification-service:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
2022-09-14 09:14:26 -04:00
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
2022-09-14 09:14:26 -04:00
with:
go-version: "1.20.2"
2022-09-14 09:14:26 -04:00
- name: Build and upload verification-service container image
id: build-and-upload
uses: ./.github/actions/build_micro_service_ko
with:
name: verification-service
koTarget: ./verify/cmd
githubToken: ${{ secrets.GITHUB_TOKEN }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}