diff --git a/.github/workflows/build-libvirt-image.yml b/.github/workflows/build-libvirt-image.yml
new file mode 100644
index 000000000..bc0298188
--- /dev/null
+++ b/.github/workflows/build-libvirt-image.yml
@@ -0,0 +1,36 @@
+name: Build and upload libvirt image
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ - "release/**"
+ paths:
+ - "cli/internal/libvirt/**"
+ - "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
+ - ".github/workflows/build-libvirt-image.yml"
+
+jobs:
+ build-qemu-metadata-api:
+ runs-on: ubuntu-22.04
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Check out repository
+ id: checkout
+ uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+ with:
+ ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
+
+ - name: Build and upload libvirt container image
+ id: build-and-upload
+ uses: ./.github/actions/build_micro_service
+ with:
+ name: "libvirt"
+ dockerfile: "cli/internal/libvirt/Dockerfile"
+ githubToken: ${{ secrets.GITHUB_TOKEN }}
+ cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
+ cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
+ cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
diff --git a/.github/workflows/build-micro-service-manual.yml b/.github/workflows/build-micro-service-manual.yml
deleted file mode 100644
index fe6466d4a..000000000
--- a/.github/workflows/build-micro-service-manual.yml
+++ /dev/null
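Review bot: The three `cosign*` inputs pick the release signing secrets from the ref name alone (`startsWith(github.ref, 'refs/heads/release/v')`), and `workflow_dispatch` lets the job run on any branch, so anyone able to create or push a `release/v…` branch gets an image signed with the release key and pushed under `packages: write`. If branch protection on `release/**` is what guards this, say so next to the expressions, e.g. `# release key only on protected refs/heads/release/v* branches`; otherwise consider scoping the release secrets to a protected deployment environment instead of repository secrets. The `ref:` expression on the checkout step always evaluates to `''` here, because neither trigger provides `github.event.pull_request` or `github.head_ref`, so it can be dropped. The job id `build-qemu-metadata-api` also looks like a leftover from another workflow; `build-libvirt-image` would match what the job does.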
@@ -1,106 +0,0 @@
-name: Build micro-service Manual
-
-on:
- workflow_dispatch:
- inputs:
- microService:
- description: "Name of the micro-service image to build"
- type: choice
- options:
- - "join-service"
- - "key-service"
- - "verification-service"
- - "qemu-metadata-api"
- - "filebeat-debugd"
- - "logstash-debugd"
- required: true
- default: "join-service"
- imageTag:
- description: "Container image tag"
- required: true
- default: "manual-build"
- version:
- description: "Version of the image to build"
- required: true
- default: "0.0.0"
- ref:
- type: string
- description: "Git ref to checkout"
- required: false
- release:
- type: boolean
- description: "Is this a release build?"
- required: false
- default: false
- workflow_call:
- inputs:
- microService:
- description: "Name of the micro-service image to build"
- type: string
- required: true
- imageTag:
- type: string
- description: "Container image tag"
- required: true
- version:
- type: string
- description: "Version of the image to build"
- required: true
- ref:
- type: string
- description: "Git ref to checkout"
- required: false
- release:
- type: boolean
- description: "Is this a release build?"
- required: true
-
-jobs:
- build-micro-service:
- runs-on: ubuntu-22.04
- permissions:
- contents: read
- packages: write
- steps:
- - name: Check out repository
- id: checkout
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
- with:
- ref: ${{ inputs.ref || github.head_ref }}
-
- - name: Setup Go environment
- uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
- with:
- go-version: "1.19.5"
-
- # choose the correct Dockerfile depending on what micro-service is being build
- - name: Set Dockerfile variable
- id: set-variable
- run: |
- case "${{ inputs.microService }}" in
- "join-service" )
- echo "microServiceDockerfile=joinservice/Dockerfile" >> "$GITHUB_ENV" ;;
- "key-service" )
- echo "microServiceDockerfile=keyservice/Dockerfile" >> "$GITHUB_ENV" ;;
- "verification-service" )
- echo "microServiceDockerfile=verify/Dockerfile" >> "$GITHUB_ENV" ;;
- "qemu-metadata-api" )
- echo "microServiceDockerfile=hack/qemu-metadata-api/Dockerfile" >> "$GITHUB_ENV" ;;
- "filebeat-debugd" )
- echo "microServiceDockerfile=debugd/internal/debugd/logcollector/filebeat/Dockerfile" >> "$GITHUB_ENV" ;;
- "logstash-debugd" )
- echo "microServiceDockerfile=debugd/internal/debugd/logcollector/logstash/Dockerfile" >> "$GITHUB_ENV" ;;
- esac
-
- - name: Build and upload container image
- id: build-and-upload
- uses: ./.github/actions/build_micro_service
- with:
- name: ${{ inputs.microService }}
- projectVersion: ${{ inputs.version }}
- dockerfile: ${{ env.microServiceDockerfile }}
- pushTag: ${{ inputs.imageTag }}
- githubToken: ${{ secrets.GITHUB_TOKEN }}
- cosignPublicKey: ${{ inputs.release && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
- cosignPrivateKey: ${{ inputs.release && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
- cosignPassword: ${{ inputs.release && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
diff --git a/cli/internal/libvirt/Dockerfile b/cli/internal/libvirt/Dockerfile
index 44eda06ee..6502bbbc8 100644
--- a/cli/internal/libvirt/Dockerfile
+++ b/cli/internal/libvirt/Dockerfile
@@ -1,4 +1,4 @@
-FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS deploy
+FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS release
 RUN dnf -y update && \
 dnf -y install dnf-plugins-core \
 libvirt-daemon-config-network \