Add libvirt container build workflow

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-10-01 01:36:09 -04:00 · 2023-02-01 14:33:14 +01:00 · 2023-02-01 14:33:14 +01:00 · 5dcbff7e4c
commit 5dcbff7e4c
parent b3495685fb
3 changed files with 37 additions and 107 deletions
--- a/.github/workflows/build-libvirt-image.yml
+++ b/.github/workflows/build-libvirt-image.yml
@ -0,0 +1,36 @@
+name: Build and upload libvirt image
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - "release/**"
+    paths:
+      - "cli/internal/libvirt/**"
+      - "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
+      - ".github/workflows/build-libvirt-image.yml"
+
+jobs:
+  build-qemu-metadata-api:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Check out repository
+        id: checkout
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        with:
+          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
+
+      - name: Build and upload libvirt container image
+        id: build-and-upload
+        uses: ./.github/actions/build_micro_service
+        with:
+          name: "libvirt"
+          dockerfile: "cli/internal/libvirt/Dockerfile"
+          githubToken: ${{ secrets.GITHUB_TOKEN }}
+          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
+          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
+          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
--- a/.github/workflows/build-micro-service-manual.yml
+++ b/.github/workflows/build-micro-service-manual.yml
@ -1,106 +0,0 @@
-name: Build micro-service Manual
-
-on:
-  workflow_dispatch:
-    inputs:
-      microService:
-        description: "Name of the micro-service image to build"
-        type: choice
-        options:
-          - "join-service"
-          - "key-service"
-          - "verification-service"
-          - "qemu-metadata-api"
-          - "filebeat-debugd"
-          - "logstash-debugd"
-        required: true
-        default: "join-service"
-      imageTag:
-        description: "Container image tag"
-        required: true
-        default: "manual-build"
-      version:
-        description: "Version of the image to build"
-        required: true
-        default: "0.0.0"
-      ref:
-        type: string
-        description: "Git ref to checkout"
-        required: false
-      release:
-        type: boolean
-        description: "Is this a release build?"
-        required: false
-        default: false
-  workflow_call:
-    inputs:
-      microService:
-        description: "Name of the micro-service image to build"
-        type: string
-        required: true
-      imageTag:
-        type: string
-        description: "Container image tag"
-        required: true
-      version:
-        type: string
-        description: "Version of the image to build"
-        required: true
-      ref:
-        type: string
-        description: "Git ref to checkout"
-        required: false
-      release:
-        type: boolean
-        description: "Is this a release build?"
-        required: true
-
-jobs:
-  build-micro-service:
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Check out repository
-        id: checkout
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
-        with:
-          ref: ${{ inputs.ref || github.head_ref }}
-
-      - name: Setup Go environment
-        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
-        with:
-          go-version: "1.19.5"
-
-      # choose the correct Dockerfile depending on what micro-service is being build
-      - name: Set Dockerfile variable
-        id: set-variable
-        run: |
-          case "${{ inputs.microService }}" in
-            "join-service" )
-              echo "microServiceDockerfile=joinservice/Dockerfile" >> "$GITHUB_ENV" ;;
-            "key-service" )
-              echo "microServiceDockerfile=keyservice/Dockerfile" >> "$GITHUB_ENV" ;;
-            "verification-service" )
-              echo "microServiceDockerfile=verify/Dockerfile" >> "$GITHUB_ENV" ;;
-            "qemu-metadata-api" )
-              echo "microServiceDockerfile=hack/qemu-metadata-api/Dockerfile" >> "$GITHUB_ENV" ;;
-            "filebeat-debugd" )
-              echo "microServiceDockerfile=debugd/internal/debugd/logcollector/filebeat/Dockerfile" >> "$GITHUB_ENV" ;;
-            "logstash-debugd" )
-              echo "microServiceDockerfile=debugd/internal/debugd/logcollector/logstash/Dockerfile" >> "$GITHUB_ENV" ;;
-          esac
-
-      - name: Build and upload container image
-        id: build-and-upload
-        uses: ./.github/actions/build_micro_service
-        with:
-          name: ${{ inputs.microService }}
-          projectVersion: ${{ inputs.version }}
-          dockerfile: ${{ env.microServiceDockerfile }}
-          pushTag: ${{ inputs.imageTag }}
-          githubToken: ${{ secrets.GITHUB_TOKEN }}
-          cosignPublicKey: ${{ inputs.release && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
-          cosignPrivateKey: ${{ inputs.release && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
-          cosignPassword: ${{ inputs.release && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
--- a/cli/internal/libvirt/Dockerfile
+++ b/cli/internal/libvirt/Dockerfile
@ -1,4 +1,4 @@
-FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS deploy
+FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS release
 RUN dnf -y update && \
    dnf -y install dnf-plugins-core \
    libvirt-daemon-config-network \