2023-12-11 14:00:08 +00:00
name : Draft release
2022-08-23 11:43:20 +00:00
on :
workflow_dispatch :
2023-01-06 10:49:55 +00:00
inputs :
2023-09-07 06:47:01 +00:00
versionName :
type : string
description : "Version to use for the release (e.g. v1.2.3)"
required : true
2023-01-06 10:49:55 +00:00
ref :
type : string
description : "Git ref to checkout"
required : false
2023-04-04 08:16:04 +00:00
pushContainers :
type : boolean
description : "Push containers pinned in the cli to container registry"
required : false
default : false
registry :
description : "Container registry to use"
type : string
default : ghcr.io
2023-06-14 07:56:11 +00:00
key :
description : "Key to use for signing. Set to 'release' to use release key, set to 'dev' to use the dev key."
type : string
required : true
2023-01-06 10:49:55 +00:00
workflow_call :
inputs :
2023-09-07 06:47:01 +00:00
versionName :
type : string
description : "Version to use for the release (e.g. v1.2.3)"
required : true
2023-01-06 10:49:55 +00:00
ref :
type : string
description : "Git ref to checkout"
required : true
2023-04-04 08:16:04 +00:00
pushContainers :
type : boolean
description : "Push containers pinned in the cli to container registry"
required : false
default : false
registry :
description : "Container registry to use"
type : string
default : ghcr.io
2023-06-14 07:56:11 +00:00
key :
description : "Key to use for signing. Set to 'release' to use release key, set to 'dev' to use the dev key."
type : string
required : true
2022-08-23 11:43:20 +00:00
jobs :
build-cli :
2022-11-10 15:55:24 +00:00
runs-on : ubuntu-22.04
2022-11-25 15:13:20 +00:00
strategy :
fail-fast : false
matrix :
2023-07-10 08:21:48 +00:00
include :
- arch : amd64
os : linux
- arch : amd64
os : darwin
- arch : amd64
os : windows
- arch : arm64
os : linux
- arch : arm64
os : darwin
2022-08-23 11:43:20 +00:00
steps :
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2022-11-10 16:22:26 +00:00
with :
2023-01-06 10:49:55 +00:00
ref : ${{ inputs.ref || github.head_ref }}
2023-01-18 09:15:58 +00:00
2023-03-20 15:05:08 +00:00
- name : Setup bazel
2023-10-04 11:55:38 +00:00
uses : ./.github/actions/setup_bazel_nix
2023-03-20 15:05:08 +00:00
with :
useCache : "false"
2022-11-25 15:13:20 +00:00
- name : Build CLI
2022-08-23 11:43:20 +00:00
uses : ./.github/actions/build_cli
with :
2022-11-25 15:13:20 +00:00
targetOS : ${{ matrix.os }}
targetArch : ${{ matrix.arch }}
2022-09-13 12:27:38 +00:00
enterpriseCLI : true
2023-06-14 07:56:11 +00:00
cosignPublicKey : ${{ inputs.key == 'release' && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey : ${{ inputs.key == 'release' && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword : ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
2023-01-18 09:15:58 +00:00
2023-07-10 08:21:48 +00:00
- name : Upload CLI as artifact (unix)
2024-02-07 13:50:15 +00:00
uses : actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
2023-07-10 08:21:48 +00:00
if : ${{ matrix.os != 'windows' }}
2022-08-31 10:27:26 +00:00
with :
2022-11-25 15:13:20 +00:00
name : constellation-${{ matrix.os }}-${{ matrix.arch }}
2024-01-30 08:26:40 +00:00
path : |
2023-06-14 07:56:11 +00:00
build/constellation-${{ matrix.os }}-${{ matrix.arch }}
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig
2022-08-31 10:27:26 +00:00
2023-07-10 08:21:48 +00:00
- name : Upload CLI as artifact (windows)
2024-02-07 13:50:15 +00:00
uses : actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
2023-07-10 08:21:48 +00:00
if : ${{ matrix.os == 'windows' }}
with :
name : constellation-${{ matrix.os }}-${{ matrix.arch }}
2024-01-30 08:26:40 +00:00
path : |
2023-07-10 08:21:48 +00:00
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe.sig
2023-12-11 14:00:08 +00:00
build-terraform-provider :
runs-on : ubuntu-22.04
strategy :
fail-fast : false
matrix :
include :
- arch : amd64
os : linux
- arch : amd64
os : darwin
# No Windows release until we have a test suite for it
#- arch: amd64
# os: windows
- arch : arm64
os : linux
- arch : arm64
os : darwin
steps :
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2023-12-11 14:00:08 +00:00
with :
ref : ${{ inputs.ref || github.head_ref }}
- name : Setup bazel
uses : ./.github/actions/setup_bazel_nix
with :
useCache : "false"
- name : Build Terraform Provider Binary
uses : ./.github/actions/build_tf_provider
with :
targetOS : ${{ matrix.os }}
targetArch : ${{ matrix.arch }}
- name : Upload Terraform Provider Binary as artifact (unix)
2024-02-07 13:50:15 +00:00
uses : actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
2023-12-11 14:00:08 +00:00
if : ${{ matrix.os != 'windows' }}
with :
name : terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
path : |
build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
- name : Upload Terraform Provider Binary as artifact (windows)
2024-02-07 13:50:15 +00:00
uses : actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
2023-12-11 14:00:08 +00:00
if : ${{ matrix.os == 'windows' }}
with :
name : terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
path : |
build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}.exe
2023-11-13 17:46:20 +00:00
upload-terraform-module :
runs-on : ubuntu-22.04
steps :
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2023-11-13 17:46:20 +00:00
with :
ref : ${{ inputs.ref || github.head_ref }}
2023-12-14 14:47:55 +00:00
- name : Upload Terraform infrastructure module
2023-11-13 17:46:20 +00:00
uses : ./.github/actions/upload_terraform_module
2023-04-04 08:16:04 +00:00
push-containers :
runs-on : ubuntu-22.04
if : inputs.pushContainers
permissions :
actions : read
contents : write
id-token : write
packages : write
steps :
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2023-04-04 08:16:04 +00:00
with :
ref : ${{ inputs.ref || github.head_ref }}
- name : Setup bazel
2023-10-04 11:55:38 +00:00
uses : ./.github/actions/setup_bazel_nix
2023-04-04 08:16:04 +00:00
with :
useCache : "false"
- name : Log in to the Container registry
2023-06-06 10:20:09 +00:00
uses : ./.github/actions/container_registry_login
2023-04-04 08:16:04 +00:00
with :
registry : ${{ inputs.registry }}
username : ${{ github.actor }}
password : ${{ secrets.GITHUB_TOKEN }}
- name : Upload referenced container images
shell : bash
2023-04-28 07:26:15 +00:00
run : bazel run //bazel/release:push
2023-04-04 08:16:04 +00:00
2022-11-25 15:13:20 +00:00
provenance-subjects :
runs-on : ubuntu-22.04
needs :
- build-cli
- signed-sbom
2023-11-13 17:46:20 +00:00
- upload-terraform-module
2023-12-11 14:00:08 +00:00
- build-terraform-provider
2022-11-25 15:13:20 +00:00
outputs :
provenance-subjects : ${{ steps.provenance-subjects.outputs.provenance-subjects }}
steps :
2023-12-11 14:00:08 +00:00
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2022-11-25 15:13:20 +00:00
with :
2023-12-11 14:00:08 +00:00
ref : ${{ inputs.ref || github.head_ref }}
2023-01-18 09:15:58 +00:00
2023-12-11 14:00:08 +00:00
- name : Download release binaries
uses : ./.github/actions/download_release_binaries
2023-07-10 08:21:48 +00:00
2022-11-25 15:13:20 +00:00
- name : Download CLI SBOM
2024-02-21 14:29:06 +00:00
uses : actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
2022-11-25 15:13:20 +00:00
with :
name : constellation.spdx.sbom
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Generate provenance subjects
id : provenance-subjects
run : |
2023-05-02 07:59:55 +00:00
HASHES=$(sha256sum \
2022-11-25 15:13:20 +00:00
constellation-darwin-amd64 \
constellation-darwin-arm64 \
constellation-linux-amd64 \
constellation-linux-arm64 \
2023-07-10 08:21:48 +00:00
constellation-windows-amd64.exe \
2023-11-10 12:32:18 +00:00
constellation.spdx.sbom \
2023-12-11 14:00:08 +00:00
terraform-module.zip \
terraform-provider-constellation-darwin-amd64 \
terraform-provider-constellation-darwin-arm64 \
terraform-provider-constellation-linux-amd64 \
terraform-provider-constellation-linux-arm64)
2022-11-25 15:13:20 +00:00
HASHESB64=$(echo "${HASHES}" | base64 -w0)
echo "${HASHES}"
echo "${HASHESB64}"
echo provenance-subjects="${HASHESB64}" >> "$GITHUB_OUTPUT"
2022-08-23 11:43:20 +00:00
2022-11-25 15:13:20 +00:00
signed-sbom :
runs-on : ubuntu-22.04
steps :
2023-01-18 16:33:10 +00:00
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2023-01-18 16:33:10 +00:00
with :
ref : ${{ inputs.ref || github.head_ref }}
2022-11-25 15:13:20 +00:00
- name : Install Cosign
2024-02-21 14:29:06 +00:00
uses : sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
2023-01-18 09:15:58 +00:00
2023-02-22 13:17:02 +00:00
- name : Download Syft & Grype
uses : ./.github/actions/install_syft_grype
2023-03-20 15:05:08 +00:00
- name : Setup bazel
2023-10-04 11:55:38 +00:00
uses : ./.github/actions/setup_bazel_nix
2023-03-20 15:05:08 +00:00
with :
useCache : "false"
2023-01-18 10:36:39 +00:00
# Build one CLI since Syft's go-module catalog will default to binary parsing.
# Binary parsing has the advantage that it will not include other dependencies from our repo not included in the CLI.
# This seems to work fine for one OS & one arch as long as we don't have OS specific imports.
# Luckily, so far this does not seem to be the case.
# As of v2.4.0, all SBOMs seem to have the same packages for [linux|darwin] & [amd64|arm64].
# If this changes, this should be split up into multiple builds & multiple SBOMs.
- name : Build CLI (amd64, linux)
uses : ./.github/actions/build_cli
with :
targetOS : "linux"
targetArch : "amd64"
2023-05-30 07:08:12 +00:00
enterpriseCLI : true
2023-01-18 10:36:39 +00:00
2022-11-25 15:13:20 +00:00
- name : Build signed SBOM
2023-01-18 10:36:39 +00:00
run : |
syft build/constellation-linux-amd64 --catalogers go-module --file constellation.spdx.sbom -o spdx-json
2024-02-29 08:40:13 +00:00
cosign sign-blob --yes --key env://COSIGN_PRIVATE_KEY constellation.spdx.sbom > constellation.spdx.sbom.sig
2023-01-18 10:36:39 +00:00
grype constellation.spdx.sbom --fail-on high --only-fixed --add-cpes-if-none
2022-10-21 13:19:51 +00:00
env :
COSIGN_EXPERIMENTAL : 1
2023-09-01 14:40:09 +00:00
COSIGN_PUBLIC_KEY : ${{ inputs.key == 'release' && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
COSIGN_PRIVATE_KEY : ${{ inputs.key == 'release' && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
COSIGN_PASSWORD : ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Upload Constellation CLI SBOM
2024-02-07 13:50:15 +00:00
uses : actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
2022-11-25 15:13:20 +00:00
with :
name : constellation.spdx.sbom
path : constellation.spdx.sbom
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Upload Constellation CLI SBOM's signature
2024-02-07 13:50:15 +00:00
uses : actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
2022-11-25 15:13:20 +00:00
with :
name : constellation.spdx.sbom.sig
path : constellation.spdx.sbom.sig
provenance :
permissions :
actions : read
contents : write
id-token : write
needs :
- provenance-subjects
# This must not be pinned to digest. See:
# https://github.com/slsa-framework/slsa-github-generator#referencing-slsa-builders-and-generators
2024-04-05 12:29:52 +00:00
uses : slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
2022-11-25 15:13:20 +00:00
with :
base64-subjects : "${{ needs.provenance-subjects.outputs.provenance-subjects }}"
2022-09-02 14:49:59 +00:00
2022-11-25 15:13:20 +00:00
provenance-verify :
runs-on : ubuntu-22.04
env :
2024-04-05 19:00:33 +00:00
SLSA_VERIFIER_VERSION : "2.5.1"
2022-11-25 15:13:20 +00:00
needs :
- build-cli
- provenance
2023-11-13 17:46:20 +00:00
- upload-terraform-module
2023-12-11 14:00:08 +00:00
- build-terraform-provider
2022-11-25 15:13:20 +00:00
steps :
2023-12-11 14:00:08 +00:00
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2022-11-25 15:13:20 +00:00
with :
2023-12-11 14:00:08 +00:00
ref : ${{ inputs.ref || github.head_ref }}
2023-01-18 09:15:58 +00:00
2023-12-11 14:00:08 +00:00
- name : Download release binaries
uses : ./.github/actions/download_release_binaries
2023-07-10 08:21:48 +00:00
2022-11-25 15:13:20 +00:00
- name : Download CLI SBOM
2024-02-21 14:29:06 +00:00
uses : actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
2022-11-25 15:13:20 +00:00
with :
name : constellation.spdx.sbom
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Download provenance
2024-02-29 08:39:41 +00:00
# Need to use the same major version as slsa-github-generator to find uploaded artifacts
# https://github.com/slsa-framework/slsa-github-generator/issues/3068
uses : actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
2022-11-25 15:13:20 +00:00
with :
name : ${{ needs.provenance.outputs.provenance-name }}
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Install slsa-verifier
run : |
2023-01-19 10:22:31 +00:00
curl -fsSLO https://github.com/slsa-framework/slsa-verifier/releases/download/v${{ env.SLSA_VERIFIER_VERSION }}/slsa-verifier-linux-amd64
2022-11-25 15:13:20 +00:00
install slsa-verifier-linux-amd64 /usr/local/bin/slsa-verifier
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Verify provenance
run : |
slsa-verifier verify-artifact constellation-darwin-amd64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact constellation-darwin-arm64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact constellation-linux-amd64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact constellation-linux-arm64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
2023-07-10 08:21:48 +00:00
slsa-verifier verify-artifact constellation-windows-amd64.exe \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
2023-12-11 14:00:08 +00:00
slsa-verifier verify-artifact terraform-provider-constellation-darwin-amd64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact terraform-provider-constellation-darwin-arm64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact terraform-provider-constellation-linux-amd64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact terraform-provider-constellation-linux-arm64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
2022-11-25 15:13:20 +00:00
slsa-verifier verify-artifact constellation.spdx.sbom \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
2023-11-10 12:32:18 +00:00
slsa-verifier verify-artifact terraform-module.zip \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
2022-11-25 15:13:20 +00:00
release :
2023-06-09 09:50:39 +00:00
permissions :
contents : write
2022-11-25 15:13:20 +00:00
runs-on : ubuntu-22.04
needs :
- build-cli
- provenance
- signed-sbom
2023-11-13 17:46:20 +00:00
- upload-terraform-module
2023-12-11 14:00:08 +00:00
- build-terraform-provider
2022-11-25 15:13:20 +00:00
steps :
2023-12-11 14:00:08 +00:00
- name : Checkout
id : checkout
2023-12-20 15:10:35 +00:00
uses : actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2023-12-11 14:00:08 +00:00
with :
ref : ${{ inputs.ref || github.head_ref }}
2022-11-25 15:13:20 +00:00
- name : Write cosign public key
run : echo "$COSIGN_PUBLIC_KEY" > cosign.pub
env :
2023-09-01 14:40:09 +00:00
COSIGN_PUBLIC_KEY : ${{ inputs.key == 'release' && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
2023-01-18 09:15:58 +00:00
2023-12-11 14:00:08 +00:00
- name : Download binaries
uses : ./.github/actions/download_release_binaries
2023-07-10 08:21:48 +00:00
2023-12-11 14:00:08 +00:00
- name : Download CLI SBOM
2024-02-21 14:29:06 +00:00
uses : actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
2022-11-25 15:13:20 +00:00
with :
name : constellation.spdx.sbom
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Download Constellation CLI SBOM's signature
2024-02-21 14:29:06 +00:00
uses : actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
2022-11-25 15:13:20 +00:00
with :
name : constellation.spdx.sbom.sig
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Download Constellation provenance
2024-02-29 08:39:41 +00:00
# Need to use the same major version as slsa-github-generator to find uploaded artifacts
# https://github.com/slsa-framework/slsa-github-generator/issues/3068
uses : actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
2022-11-25 15:13:20 +00:00
with :
name : ${{ needs.provenance.outputs.provenance-name }}
2023-01-18 09:15:58 +00:00
2022-11-25 15:13:20 +00:00
- name : Rename provenance file
run : |
mv ${{ needs.provenance.outputs.provenance-name }} constellation.intoto.jsonl
2023-01-18 09:15:58 +00:00
2023-12-11 14:00:08 +00:00
- name : Create Terraform provider release files
run : |
# Remove the "v" prefix from the version as required by the Terraform registry
version="${{ inputs.versionName }}"
version="${version#v}"
# Create a zip file with the Terraform provider binaries
for file in terraform-provider-constellation-*; do
# Special case for Windows binaries: They need to keep the .exe extension
ext="${file##*.}"
distribution_arch="${file#terraform-provider-constellation-}"
distribution_arch="${distribution_arch%.exe}"
folder_name="terraform-provider-constellation_${version}_${distribution_arch//-/_}"
mkdir -p "${folder_name}"
if [[ "${ext}" = "exe" ]]; then
2023-12-12 14:01:37 +00:00
cp "${file}" "${folder_name}/terraform-provider-constellation_v${version}.exe"
2023-12-11 14:00:08 +00:00
else
2023-12-28 09:19:47 +00:00
chmod 755 "${file}" # the upload artifact does not preserve file permissions (https://github.com/actions/upload-artifact/tree/main/?tab=readme-ov-file#permission-loss)
2023-12-12 14:01:37 +00:00
cp "${file}" "${folder_name}/terraform-provider-constellation_v${version}"
2023-12-11 14:00:08 +00:00
fi
2023-12-27 16:43:57 +00:00
(cd "${folder_name}" && zip "../${folder_name}.zip" ./*) # do not zip the folder itself
2023-12-11 14:00:08 +00:00
rm -r "${folder_name}"
done
# Create a manifest file for the Terraform provider
echo '{"version":1,"metadata":{"protocol_versions":["6.0"]}}' > "terraform-provider-constellation_${version}_manifest.json"
# Create a SHA256SUMS file of the zip files and manifest, and sign it
shasum -a 256 "terraform-provider-constellation_${version}"* > "terraform-provider-constellation_${version}_SHA256SUMS"
echo "${{ secrets.TERRAFORM_GPG_SIGNING_KEY }}" | gpg --import --batch --yes
gpg -u 3C75E56351F8F3F6 --batch --yes --detach-sign "terraform-provider-constellation_${version}_SHA256SUMS"
2022-09-02 14:49:59 +00:00
- name : Create release with artifacts
2023-12-11 14:00:08 +00:00
id : create-release
2022-08-23 11:43:20 +00:00
# GitHub endorsed release project. See: https://github.com/actions/create-release
2022-11-21 14:08:53 +00:00
uses : softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
2022-08-23 11:43:20 +00:00
with :
draft : true
2023-01-12 12:15:43 +00:00
generate_release_notes : true
2023-09-07 06:47:01 +00:00
tag_name : ${{ inputs.versionName || inputs.ref || github.head_ref }}
2023-12-11 14:00:08 +00:00
target_commitish : ${{ inputs.ref }}
2022-08-23 11:43:20 +00:00
files : |
2022-11-25 15:13:20 +00:00
constellation-*
cosign.pub
2022-10-21 13:19:51 +00:00
constellation.spdx.sbom
constellation.spdx.sbom.sig
2022-11-25 15:13:20 +00:00
constellation.intoto.jsonl
2023-11-10 12:32:18 +00:00
terraform-module.zip
2023-12-11 14:00:08 +00:00
- name : Create Terraform provider release with artifcats
uses : softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
with :
draft : true
generate_release_notes : false
body : |
This release contains the Terraform provider binaries for Constellation ${{ inputs.versionName }}.
Check out [the release page](https://github.com/edgelesssys/constellation/releases/tag/${{ inputs.versionName }}) for more information and a full changelog.
token : ${{ secrets.CI_GITHUB_REPOSITORY }}
repository : edgelesssys/terraform-provider-constellation
tag_name : ${{ inputs.versionName || inputs.ref || github.head_ref }}
files : |
terraform-provider-constellation_*
