Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-09 07:22:40 -04:00
Code Issues Projects Releases Packages Wiki Activity

one-file-solution

Browse source
This commit is contained in:
leongross 2022-12-19 10:32:21 +01:00
parent ee65dbb781
commit a2c4436287
No known key found for this signature in database
GPG key ID: 8684D89F6BF9B743
2 changed files with 65 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/build-gcp-guest-agent-ko-redo.yml vendored
View file

@ -9,7 +9,6 @@ on:
branches: branches:
- main - main
- "release/**" - "release/**"
- "feat/reproducible-builds-ko"
jobs: jobs:
build-gcp-guest-agent: build-gcp-guest-agent:

80
.github/workflows/build-gcp-guest-agent-ko.yml vendored
View file

@ -5,10 +5,19 @@ env:
on: on:
workflow_dispatch: workflow_dispatch:
inputs:
pushTag:
description: "Use this image tag"
required: false
generateKoSBOM:
description: "Generate unsigned ko SBOM"
required: false
default: "false"
push: push:
branches: branches:
- main - main
- "release/**" - "release/**"
- "feat/reproducible-builds-ko"
jobs: jobs:
build-gcp-guest-agent: build-gcp-guest-agent:
@ -38,28 +47,69 @@ jobs:
- name: Prepare hardcoded configuration file - name: Prepare hardcoded configuration file
working-directory: ${{ github.workspace }} working-directory: ${{ github.workspace }}
run: | run: |
# https://ko.build/features/static-assets/
# cwd = /home/runner/work/constellation/constellation # cwd = /home/runner/work/constellation/constellation
koData="./guest-agent/kodata" koData="./guest-agent/kodata"
mkdir -p $koData mkdir -p $koData
cp ./constellation/3rdparty/gcp-guest-agent/instance_configs.cfg $koData cp ./constellation/3rdparty/gcp-guest-agent/instance_configs.cfg $koData
cd ${GITHUB_WORKSPACE}/ cp ./constellation/.ko.yaml ./guest-agent/.ko.yaml
ln -s ./constellation/.github/ .github
echo ${{ github.workspace }}/constellation # one-filer to solve path issues
ls -alh ${{ github.workspace }}/constellation - name: Set up ko
#echo $GITHUB_WORKSPACE/constellation uses: imjasonh/setup-ko@v0.6
#ls -alh $GITHUB_WORKSPACE/constellation
- name: Build and upload gcp guest service container image - name: Build and upload ko container image
id: build-and-upload working-directory: ./guest-agent
# assumes that we are currently in the root of the repo shell: bash
uses: ./.github/actions/build_micro_service_ko id: build
env:
KO_USER: ${{ github.actor }}
KO_CONFIG_PATH: ./.ko.yaml
KO_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
KO_DOCKER_REPO: $REGISTRY/edgelesssys/gcp-guest-agent-ko
run: |
tags="test"
sbom=""
pwd
if [ "${{ github.ref }}" == "${{ github.event.repository.default_branch }}" ]; then
tags="latest"
else:
tags="${{ github.sha }}"
fi
if [ -n "${{ inputs.pushTag }}" ]; then
if [ -n "${tags}" ]; then
tags="${tags},${{ inputs.pushTag }}"
else
tags="${{ inputs.pushTag }}"
fi
fi
if [ -n "${{ steps.pseudo-version.outputs.pseudoVersion }}" ]; then
if [ -n "${tags}" ]; then
tags="${tags},${{ steps.pseudo-version.outputs.pseudoVersion }}"
else
tags="${{ steps.pseudo-version.outputs.pseudoVersion }}"
fi
fi
if [ "${{ inputs.generateKoSBOM }}" == "false" ]; then
sbom="--sbom=none"
fi
go mod download all
container_full=$(ko build ./google_guest_agent --bare --tags ${tags} ${sbom})
container_image=$(echo $container_full | cut -d@ -f1)
container_tag=$(echo $container_full | cut -d: -f2)
echo "CONTAINER_FULL=$container_full" >> $GITHUB_ENV
echo "CONTAINER_IMAGE=$container_image" >> $GITHUB_ENV
echo "CONTAINER_TAG=$container_tag" >> $GITHUB_ENV
- name: Generate SBOM
uses: ./constellation/.github/actions/container_sbom
with: with:
name: gcp-guest-agent containerReference: ${{ env.CONTAINER_FULL }}
koTarget: ./guest-agent/google-guest-agent/
githubToken: ${{ secrets.GITHUB_TOKEN }}
constellationPath: ${{ github.workspace }}/constellation
cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}