constellation/.github/actions/build_ko/action.yml

114 lines
3.4 KiB
YAML
Raw Normal View History

name: Build micro service using Ko
description: Build and upload a go micro service using ko
inputs:
name:
description: "Name of the micro-service"
required: true
registry:
description: "Name of the registry to use"
required: false
default: "ghcr.io"
koConfig:
description: "Path to the .ko.yaml config file"
required: false
default: ".ko.yaml"
koTarget:
description: "Go package to build with ko"
required: true
pushTag:
description: "Use this image tag"
required: true
githubToken:
description: "GitHub authorization token"
required: true
generateKoSBOM:
description: "Generate unsigned ko SBOM"
required: false
default: "false"
outputs:
container_full:
description: "Full container reference"
value: ${{ steps.build.container_full }}
container_image:
description: "Container image"
value: ${{ steps.build.outputs.container_image }}
container_tag:
description: "Container tag"
value: ${{ steps.build.container_tag }}
# Linux runner only
runs:
using: "composite"
steps:
- name: Determine pseudo version
if: ${{ !inputs.pushTag}}
id: pseudo-version
uses: ./.github/actions/pseudo_version
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: "1.20.1"
cache: true
- name: Set up ko
uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
- name: Build and upload ko container image
id: build
shell: bash
env:
KO_USER: ${{ github.actor }}
KO_CONFIG_PATH: ${{ inputs.koConfig }}
KO_PASSWORD: ${{ inputs.githubToken }}
KO_DOCKER_REPO: ${{ inputs.registry }}/edgelesssys/constellation/${{ inputs.name }}
run: |
tags=""
sbom=""
if [[ "${{ github.ref_name }}" == "${{ github.event.repository.default_branch }}" ]]; then
tags="latest"
else
tags="${{ github.sha }}"
fi
if [[ -n "${{ inputs.pushTag }}" ]]; then
if [[ -n "${tags}" ]]; then
tags="${tags},${{ inputs.pushTag }}"
else
tags="${{ inputs.pushTag }}"
fi
fi
if [[ -n "${{ steps.pseudo-version.outputs.pseudoVersion }}" ]]; then
if [[ -n "${tags}" ]]; then
tags="${tags},${{ steps.pseudo-version.outputs.pseudoVersion }}"
else
tags="${{ steps.pseudo-version.outputs.pseudoVersion }}"
fi
fi
if [[ "${{ inputs.generateKoSBOM }}" == "false" ]]; then
sbom="--sbom=none"
fi
echo "Building container image with tags: ${tags}"
container_full=$(ko build ${{ inputs.koTarget }} --bare --tags "${tags}" ${sbom})
container_image=$(echo $container_full | cut -d@ -f1)
container_sha256=$(echo $container_full | cut -d: -f2)
cat <<EOF > container_data_ko.json
{
"container_full": "${container_full}",
"container_image": "${container_image}",
"container_sha256": "${container_sha256}"
}
EOF
- name: Upload Container Data # since github censors hashes that may share data with secrets, we need to upload the data as an artifact
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
with:
name: container_data_ko
path: container_data_ko.json