constellation/.github/actions/build_micro_service_ko/action.yml

name: Build micro service (KO)
description: Build and upload a container image for a Constellation micro-service
inputs:
  name:
    description: "Name of the micro-service"
    required: true
  koConfig:
    description: "Path to the .ko.yaml config file"
    default: ".ko.yaml"
    required: false
  koTarget:
    description: "Go package to build with ko"
    required: true
  pushTag:
    description: "Use this image tag"
    required: false
  githubToken:
    description: "GitHub authorization token"
    required: true
  generateKoSBOM:
    description: "Generate unsigned ko SBOM"
    required: false
    default: "false"
  cosignPublicKey:
    description: "Cosign public key"
    required: true
  cosignPrivateKey:
    description: "Cosign private key"
    required: true
  cosignPassword:
    description: "Password for Cosign private key"
    required: false

# Linux runner only
runs:
  using: "composite"
  steps:
    - name: Build and upload container image
      id: build-and-upload
      uses: ./.github/actions/build_ko
      with:
        name: ${{ inputs.name }}
        koConfig: ${{ inputs.koConfig }}
        koTarget: ${{ inputs.koTarget }}
        pushTag: ${{ inputs.pushTag }}
        githubToken: ${{ inputs.GITHUB_TOKEN }}

    - name: Download ko Container Data
      id: download_container_data
      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
      with:
        name: container_data_ko
        path: CONTAINER_DATA_KO

    - name: Set container url to Github Env
      shell: bash
      run: |
        container_full=$(jq -r .container_full < container_data_ko.json)
        echo CONTAINER_FULL=$container_full >> $GITHUB_ENV

    - name: Generate SBOM
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' && inputs.generateKoSBOM == 'false'
      uses: ./.github/actions/container_sbom
      with:
        containerReference: ${{ env.CONTAINER_FULL }}
        cosignPublicKey: ${{ inputs.cosignPublicKey }}
        cosignPrivateKey: ${{ inputs.cosignPrivateKey }}
        cosignPassword: ${{ inputs.cosignPassword }}
ci: reproducible builds ko (no gcp) (#871) * add ko build actions and worklflows * add apko build actions and worklflows * add .ko.yaml file * add apko image definitions * add signing container, add signing sboms, add uploading sboms 2023-01-13 10:38:31 -05:00			`name: Build micro service (KO)`
			`description: Build and upload a container image for a Constellation micro-service`
			`inputs:`
			`name:`
			`description: "Name of the micro-service"`
			`required: true`
			`koConfig:`
			`description: "Path to the .ko.yaml config file"`
			`default: ".ko.yaml"`
			`required: false`
			`koTarget:`
			`description: "Go package to build with ko"`
			`required: true`
			`pushTag:`
			`description: "Use this image tag"`
			`required: false`
			`githubToken:`
			`description: "GitHub authorization token"`
			`required: true`
			`generateKoSBOM:`
			`description: "Generate unsigned ko SBOM"`
			`required: false`
			`default: "false"`
			`cosignPublicKey:`
			`description: "Cosign public key"`
ci: reproducible builds integration (#1108) * remove `-ko` suffix from workflows * integrate into `release.yaml` * adjust helm charts to use hard coded `ko` binary path 2023-01-30 10:58:49 -05:00			`required: true`
ci: reproducible builds ko (no gcp) (#871) * add ko build actions and worklflows * add apko build actions and worklflows * add .ko.yaml file * add apko image definitions * add signing container, add signing sboms, add uploading sboms 2023-01-13 10:38:31 -05:00			`cosignPrivateKey:`
			`description: "Cosign private key"`
ci: reproducible builds integration (#1108) * remove `-ko` suffix from workflows * integrate into `release.yaml` * adjust helm charts to use hard coded `ko` binary path 2023-01-30 10:58:49 -05:00			`required: true`
ci: reproducible builds ko (no gcp) (#871) * add ko build actions and worklflows * add apko build actions and worklflows * add .ko.yaml file * add apko image definitions * add signing container, add signing sboms, add uploading sboms 2023-01-13 10:38:31 -05:00			`cosignPassword:`
			`description: "Password for Cosign private key"`
			`required: false`

			`# Linux runner only`
			`runs:`
			`using: "composite"`
			`steps:`
			`- name: Build and upload container image`
			`id: build-and-upload`
			`uses: ./.github/actions/build_ko`
			`with:`
			`name: ${{ inputs.name }}`
ci: reproducible builds integration (#1108) * remove `-ko` suffix from workflows * integrate into `release.yaml` * adjust helm charts to use hard coded `ko` binary path 2023-01-30 10:58:49 -05:00			`koConfig: ${{ inputs.koConfig }}`
ci: reproducible builds ko (no gcp) (#871) * add ko build actions and worklflows * add apko build actions and worklflows * add .ko.yaml file * add apko image definitions * add signing container, add signing sboms, add uploading sboms 2023-01-13 10:38:31 -05:00			`koTarget: ${{ inputs.koTarget }}`
ci: reproducible builds integration (#1108) * remove `-ko` suffix from workflows * integrate into `release.yaml` * adjust helm charts to use hard coded `ko` binary path 2023-01-30 10:58:49 -05:00			`pushTag: ${{ inputs.pushTag }}`
ci: reproducible builds ko (no gcp) (#871) * add ko build actions and worklflows * add apko build actions and worklflows * add .ko.yaml file * add apko image definitions * add signing container, add signing sboms, add uploading sboms 2023-01-13 10:38:31 -05:00			`githubToken: ${{ inputs.GITHUB_TOKEN }}`

			`- name: Download ko Container Data`
			`id: download_container_data`
Update GitHub action dependencies (#1007) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 11:04:46 -05:00			`uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2`
ci: reproducible builds ko (no gcp) (#871) * add ko build actions and worklflows * add apko build actions and worklflows * add .ko.yaml file * add apko image definitions * add signing container, add signing sboms, add uploading sboms 2023-01-13 10:38:31 -05:00			`with:`
			`name: container_data_ko`
			`path: CONTAINER_DATA_KO`

			`- name: Set container url to Github Env`
			`shell: bash`
			`run: \|`
			`container_full=$(jq -r .container_full < container_data_ko.json)`
			`echo CONTAINER_FULL=$container_full >> $GITHUB_ENV`

			`- name: Generate SBOM`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00			`if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' && inputs.generateKoSBOM == 'false'`
ci: reproducible builds ko (no gcp) (#871) * add ko build actions and worklflows * add apko build actions and worklflows * add .ko.yaml file * add apko image definitions * add signing container, add signing sboms, add uploading sboms 2023-01-13 10:38:31 -05:00			`uses: ./.github/actions/container_sbom`
			`with:`
			`containerReference: ${{ env.CONTAINER_FULL }}`
			`cosignPublicKey: ${{ inputs.cosignPublicKey }}`
			`cosignPrivateKey: ${{ inputs.cosignPrivateKey }}`
			`cosignPassword: ${{ inputs.cosignPassword }}`