ci: move apko building into separate script

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-01 01:36:09 -04:00 · 2023-01-18 10:59:03 +01:00 · 2023-01-18 10:59:03 +01:00 · a6d35c6fd1
commit a6d35c6fd1
parent 9b4dc9b478
2 changed files with 61 additions and 73 deletions
--- a/.github/actions/build_apko/action.yml
+++ b/.github/actions/build_apko/action.yml
@ -64,79 +64,11 @@ runs:
        COSIGN_PUBLIC_KEY: ${{ inputs.cosignPublicKey }}
        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
-      run: |
-        if [[ -z "${{ inputs.apkoConfig }}" ]]; then
-          echo "Building all images in image"
-          mkdir sboms
-          for imageConfig in apko/*.yaml; do
-            echo "Building image for $imageConfig"
-
-            imageName=$(basename $imageConfig | cut -d. -f1 )
-            registry="${{ inputs.registry }}/edgelesssys/apko-${imageName}"
-            outTar="${imageName}.tar"
-
-            mkdir -p sboms/$imageName
-
-            # build the image
-            docker run \
-              -v "$PWD":/work \
-              cgr.dev/chainguard/apko:${{ inputs.apkoTag }} \
-              build \
-              "${imageConfig}" \
-              --build-arch ${{ inputs.apkoArch }} \
-              --sbom \
-              "${registry}" \
-              "${outTar}"
-
-            # push container
-            docker load < $outTar
-            docker push $registry
-            imageDigest=$(docker inspect --format='{{index .RepoDigests 0}}' $registry)
-            echo "$imageDigest" >> "$GITHUB_STEP_SUMMARY"
-
-            # cosign the container and push to registry
-            cosign sign \
-              --key env://COSIGN_PRIVATE_KEY \
-               $imageDigest \
-              -y
-
-            # move sboms to folder
-            mv sbom-*.* sboms/$imageName/
-          done
-        else
-          echo "Building image for ${{ inputs.apkoConfig }}"
-
-          imageName=$(basename ${{ inputs.apkoConfig }} | cut -d. -f1 )
-          registry="${{ inputs.registry }}/edgelesssys/apko-${imageName}"
-          outTar="${imageName}.tar"
-
-          mkdir -p sboms/$imageName
-
-          # build the image
-          docker run \
-            -v "$PWD":/work \
-            cgr.dev/chainguard/apko:${{ inputs.apkoTag }} \
-            build \
-            "${imageConfig}" \
-            --build-arch ${{ inputs.apkoArch }} \
-            --sbom \
-            "${registry}" \
-            "${outTar}"
-
-          # push container
-          docker load < $outTar
-          docker push $registry
-          imageDigest=$(docker inspect --format='{{index .RepoDigests 0}}' $registry)
-          echo "$imageDigest" >> "$GITHUB_STEP_SUMMARY"
-
-          # cosign the container and push to registry
-          cosign sign \
-              --key env://COSIGN_PRIVATE_KEY \
-              $imageDigest \
-              -y
-
-          mv sbom-*.* sboms/$imageName/
-        fi
+        APKO_CONFIG: ${{ inputs.apkoConfig }}
+        APKO_TAG: ${{ inputs.apkoTag }}
+        APKO_ARCH: ${{ inputs.apkoArch }}
+        REGISTRY: ${{ inputs.registry }}
+      run: .github/actions/build_apko/build_and_sign.sh

    - name: Sign sboms
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
--- a/.github/actions/build_apko/build_and_sign.sh
+++ b/.github/actions/build_apko/build_and_sign.sh
@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+shopt -s inherit_errexit
+
+# buildImage <apko_config_path>
+function buildImage() {
+  local imageConfig=$1
+
+  echo "Building image for ${imageConfig}"
+
+  local imageName
+  imageName=$(basename "${imageConfig}" | cut -d. -f1)
+  registryPath="${REGISTRY}/edgelesssys/apko-${imageName}"
+  outTar="${imageName}.tar"
+
+  mkdir -p "sboms/${imageName}"
+
+  # build the image
+  docker run \
+    -v "${PWD}":/work \
+    cgr.dev/chainguard/apko:"${APKO_TAG}" \
+    build \
+    "${imageConfig}" \
+    --build-arch "${APKO_ARCH}" \
+    --sbom \
+    "${registryPath}" \
+    "${outTar}"
+
+  # push container
+  docker load < "${outTar}"
+  docker push "${registryPath}"
+  imageDigest=$(docker inspect --format='{{index .RepoDigests 0}}' "${registryPath}")
+  echo "${imageDigest}" >> "${GITHUB_STEP_SUMMARY}"
+
+  # cosign the container and push to registry
+  cosign sign \
+    --key env://COSIGN_PRIVATE_KEY \
+    "${imageDigest}" \
+    -y
+
+  # move sboms to folder
+  mv sbom-*.* "sboms/${imageName}/"
+}
+
+mkdir "sboms"
+
+if [[ -n ${APKO_CONFIG} ]]; then
+  buildImage "${APKO_CONFIG}"
+  exit 0
+fi
+
+echo "Building all images in image"
+for imageConfig in apko/*.yaml; do
+  buildImage "${imageConfig}"
+done