Activation Service and KMS server image build pipeline (#210)

* AB#2171 Add kms server container image build pipeline

* AB#2172 Add activation service container image build pipeline

* Add manual workflow for building micro-service images

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2022-06-15 10:50:46 +02:00 committed by GitHub
parent 766182b7e7
commit 3d041cab2b
6 changed files with 234 additions and 32 deletions


@ -0,0 +1,51 @@
name: build micro-service image
description: Build and upload a container image for a Constellation micro-service
inputs:
name:
description: 'Name of the micro-service'
required: true
dockerfile:
description: 'Path to the services Dockerfile'
required: true
pushTag:
description: 'Use this image tag'
required: false
githubToken:
description: 'GitHub authorization token'
required: true
runs:
using: "composite"
steps:
- name: Docker metadata
id: meta
uses: docker/metadata-action@v3
with:
images: |
ghcr.io/${{ github.repository }}/${{ inputs.name }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }}
type=ref,event=branch
- name: Set up Docker Buildx
id: docker-setup
uses: docker/setup-buildx-action@v1
- name: Log in to the Container registry
id: docker-login
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ inputs.githubToken }}
- name: Build and push container image
id: build-micro-service
uses: docker/build-push-action@v2
with:
context: .
file: ${{ inputs.dockerfile }}
target: release
push: true
tags: ${{ steps.meta.outputs.tags }}
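Review bot: The input names declared here (`pushTag`, `githubToken`) do not match what the callers in this commit pass: the access-manager, activation-service, KMS and manual workflows all use `github_token:`, and the manual workflow uses `tag:`. As far as I know GitHub Actions does not enforce `required: true` on action inputs and only warns about unexpected ones, so `inputs.githubToken` would presumably be empty at the `docker-login` step and the registry login would fail. Either rename the callers' keys to `githubToken:` / `pushTag:` or rename the inputs here, and keep one spelling throughout.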


@ -0,0 +1,54 @@
name: Build and Upload {{ micro-service }} image
env:
REGISTRY: ghcr.io
IMAGE_NAME: {{ micro-service }}
on:
workflow_dispatch:
push:
branches:
- main
paths:
- "{{ micro-service }}/**"
- "internal/{{ micro-service-dependency-1 }}/**"
- "internal/{{ micro-service-dependency-2 }}/**"
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v1
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: |
${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=branch
- name: Set up Docker Buildx
id: docker-setup
uses: docker/setup-buildx-action@v1
- name: Log in to the Container registry
id: docker-login
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push constellation-{{ micro-service }} container image
id: build-constellation-{{ micro-service }}
uses: docker/build-push-action@v2
with:
context: .
file: {{ micro-service }}/Dockerfile
target: release
push: true
tags: ${{ steps.meta.outputs.tags }}
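Review bot: The third-party actions in this template are referenced by mutable major-version tags (`docker/metadata-action@v3`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `docker/build-push-action@v2`) in a job that holds `packages: write` and hands `secrets.GITHUB_TOKEN` to the login step. A tag can be moved by the action's publisher, so pinning each `uses:` to a full commit SHA with the version in a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v1`, keeps the code that sees the token fixed. The same references appear in the composite action added in this commit, which is what the real workflows run. The template also still uses `actions/checkout@v1` while the workflows added here use `actions/checkout@v3`.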


@ -1,4 +1,4 @@
name: Build and Upload access-manager image
name: Build and upload access-manager image
env:
REGISTRY: ghcr.io
IMAGE_NAME: access-manager
@ -13,41 +13,20 @@ on:
- "internal/deploy/**"
jobs:
build:
build-access-manager:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v1
- name: Check out repository
id: checkout
uses: actions/checkout@v3
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
- name: Build and upload access-manager container image
id: build-and-upload
uses: ./.github/actions/build_micro-service
with:
images: |
${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=branch
- name: Set up Docker Buildx
id: docker-setup
uses: docker/setup-buildx-action@v1
- name: Log in to the Container registry
id: docker-login
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push constellation-access-manager container image
id: build-constellation-access-manager
uses: docker/build-push-action@v2
with:
context: .
file: access_manager/Dockerfile
target: release
push: true
tags: ${{ steps.meta.outputs.tags }}
name: access-manager
dockerfile: access_manager/Dockerfile
github_token: ${{ secrets.GITHUB_TOKEN }}


@ -0,0 +1,34 @@
name: Build and upload activation-service image
on:
workflow_dispatch:
push:
branches:
- main
paths:
- "activation/**"
- "internal/atls/**"
- "internal/attestation/**"
- "internal/constants/**"
- "internal/file/**"
- "internal/grpc/**"
- "internal/oid/**"
jobs:
build-activation-service:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
- name: Build and upload activation-service container image
id: build-and-upload
uses: ./.github/actions/build_micro-service
with:
name: activation-service
dockerfile: activation/Dockerfile
github_token: ${{ secrets.GITHUB_TOKEN }}
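Review bot: The `paths:` filter does not include the workflow file itself or `.github/actions/build_micro-service/**`, so a change to the build pipeline (for example a fix to the composite action) will not rebuild and republish the image on push to `main`. Consider adding both paths to the list; the KMS workflow in this commit has the same filter shape. If the image also depends on files outside the listed directories, such as a module manifest at the repository root, those would need listing too, but that cannot be confirmed from this page.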

33
.github/workflows/build-kms-image.yml vendored Normal file

@ -0,0 +1,33 @@
name: Build and upload KMS image
env:
REGISTRY: ghcr.io
IMAGE_NAME: kmsserver
on:
workflow_dispatch:
push:
branches:
- main
paths:
- "kms/**"
- "internal/constants/**"
- "internal/file/**"
jobs:
build-kms-server:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
- name: Build and upload KMS server container image
id: build-and-upload
uses: ./.github/actions/build_micro-service
with:
name: kmsserver
dockerfile: Dockerfile.kms
github_token: ${{ secrets.GITHUB_TOKEN }}
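Review bot: `REGISTRY` and `IMAGE_NAME` in the `env:` block are not referenced anywhere in this workflow; the composite action it calls hard-codes `ghcr.io` and takes the image name from its `name` input. Dropping the block avoids suggesting that changing `REGISTRY` here redirects where the image is pushed. The access-manager workflow appears to keep the same now-unused block after its steps were replaced by the action call.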


@ -0,0 +1,51 @@
name: Build micro-service Manual
on:
workflow_dispatch:
inputs:
microService:
description: 'Name of the micro-service image to build'
type: choice
options:
- 'access-manager'
- 'activation-service'
- 'kmsserver'
required: true
default: 'access manager'
imageTag:
description: 'Container image tag'
required: true
default: 'manual-build'
jobs:
build-micro-service:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
# choose the correct Dockerfile depending on what micro-service is being build
- name: Set Dockerfile variable
id: set-variable
run: |
case "${{ env.someVar }}" in
"access-manager" )
echo "microServiceDockerfile=access_manager/Dockerfile" >> $GITHUB_ENV ;;
"activation-service" )
echo "microServiceDockerfile=activation-service/Dockerfile" >> $GITHUB_ENV ;;
"kmsserver" )
echo "microServiceDockerfile=Dockerfile.kms" >> $GITHUB_ENV ;;
esac
- name: Build and upload activation-service container image
id: build-and-upload
uses: ./.github/actions/build_micro-service
with:
name: ${{ input.microService }}
dockerfile: ${{ env.microServiceDockerfile }}
tag: ${{ input.imageTag }}
github_token: ${{ secrets.GITHUB_TOKEN }}
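Review bot: This workflow cannot run as written: the `case` statement switches on `${{ env.someVar }}`, which nothing sets, and the action inputs are read from `${{ input.… }}`, whereas the context is named `inputs` (or `github.event.inputs`). The `default: 'access manager'` is also not one of the `options`, `tag:` and `github_token:` do not match the action's declared `pushTag` and `githubToken`, and the activation-service branch points at `activation-service/Dockerfile` while the dedicated workflow uses `activation/Dockerfile`. The rewrite below passes the choice through an `env:` variable instead of interpolating it into the script, adds a failing `*` branch so an unmatched name stops the job, and makes the step name generic. The Dockerfile path for activation-service is taken from the other workflow and should be confirmed.

```yaml
        default: 'access-manager'
# … unchanged: imageTag input, job header, permissions, checkout step …
      - name: Set Dockerfile variable
        id: set-variable
        env:
          MICRO_SERVICE: ${{ inputs.microService }}
        run: |
          case "$MICRO_SERVICE" in
            "access-manager" )
              echo "microServiceDockerfile=access_manager/Dockerfile" >> "$GITHUB_ENV" ;;
            "activation-service" )
              echo "microServiceDockerfile=activation/Dockerfile" >> "$GITHUB_ENV" ;;
            "kmsserver" )
              echo "microServiceDockerfile=Dockerfile.kms" >> "$GITHUB_ENV" ;;
            * )
              echo "unknown micro-service: $MICRO_SERVICE" >&2
              exit 1 ;;
          esac
      - name: Build and upload micro-service container image
        id: build-and-upload
        uses: ./.github/actions/build_micro-service
        with:
          name: ${{ inputs.microService }}
          dockerfile: ${{ env.microServiceDockerfile }}
          pushTag: ${{ inputs.imageTag }}
          githubToken: ${{ secrets.GITHUB_TOKEN }}
```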