Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity

ci: add constellation-windows-amd64.exe to release artifacts uploaded to GitHub (#2075)

Browse Source
This commit is contained in:
Malte Poll 2023-07-10 10:21:48 +02:00 committed by GitHub
parent 2c1da48437
commit c6230ff8ca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 47 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/actions/build_cli/action.yml vendored
View File

@ -49,7 +49,7 @@ runs:
env: env:
TARGET_GOOS: ${{ inputs.targetOS }} TARGET_GOOS: ${{ inputs.targetOS }}
TARGET_GOARCH: ${{ inputs.targetArch }} TARGET_GOARCH: ${{ inputs.targetArch }}
OUTPUT_PATH: ${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }} OUTPUT_PATH: ${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }}${{ inputs.targetOS == 'windows' && '.exe' || '' }}
run: | run: |
echo "::group::Build CLI" echo "::group::Build CLI"
mkdir -p "$(dirname "${OUTPUT_PATH}")" mkdir -p "$(dirname "${OUTPUT_PATH}")"
@ -100,7 +100,7 @@ runs:
COSIGN_PUBLIC_KEY: ${{ inputs.cosignPublicKey }} COSIGN_PUBLIC_KEY: ${{ inputs.cosignPublicKey }}
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
COSIGN_PASSWORD: ${{ inputs.cosignPassword }} COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
OUTPUT_PATH: ${{ github.workspace }}/${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }} OUTPUT_PATH: ${{ github.workspace }}/${{ inputs.outputPath || format('./build/constellation-{0}-{1}', inputs.targetOS, inputs.targetArch) }}${{ inputs.targetOS == 'windows' && '.exe' || '' }}
run: | run: |
echo "$COSIGN_PUBLIC_KEY" > cosign.pub echo "$COSIGN_PUBLIC_KEY" > cosign.pub
# Enabling experimental mode also publishes signature to Rekor # Enabling experimental mode also publishes signature to Rekor

48
.github/workflows/release-cli.yml vendored
View File

@ -46,8 +46,21 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
arch: [amd64, arm64] include:
os: [linux, darwin] - arch: amd64
os: linux
- arch: amd64
os: darwin
- arch: amd64
os: windows
- arch: arm64
os: linux
- arch: arm64
os: darwin
steps: steps:
- name: Checkout - name: Checkout
id: checkout id: checkout
@ -70,14 +83,24 @@ jobs:
cosignPrivateKey: ${{ inputs.key == 'release' && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} cosignPrivateKey: ${{ inputs.key == 'release' && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
- name: Upload CLI as artifact - name: Upload CLI as artifact (unix)
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if : ${{ matrix.os != 'windows' }}
with: with:
name: constellation-${{ matrix.os }}-${{ matrix.arch }} name: constellation-${{ matrix.os }}-${{ matrix.arch }}
path: | path: |
build/constellation-${{ matrix.os }}-${{ matrix.arch }} build/constellation-${{ matrix.os }}-${{ matrix.arch }}
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig
- name: Upload CLI as artifact (windows)
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
if : ${{ matrix.os == 'windows' }}
with:
name: constellation-${{ matrix.os }}-${{ matrix.arch }}
path: |
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe.sig
push-containers: push-containers:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
if: inputs.pushContainers if: inputs.pushContainers
@ -137,6 +160,11 @@ jobs:
with: with:
name: constellation-linux-arm64 name: constellation-linux-arm64
- name: Download CLI binaries windows-amd64
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: constellation-windows-amd64
- name: Download CLI SBOM - name: Download CLI SBOM
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -150,6 +178,7 @@ jobs:
constellation-darwin-arm64 \ constellation-darwin-arm64 \
constellation-linux-amd64 \ constellation-linux-amd64 \
constellation-linux-arm64 \ constellation-linux-arm64 \
constellation-windows-amd64.exe \
constellation.spdx.sbom) constellation.spdx.sbom)
HASHESB64=$(echo "${HASHES}" | base64 -w0) HASHESB64=$(echo "${HASHES}" | base64 -w0)
echo "${HASHES}" echo "${HASHES}"
@ -253,6 +282,11 @@ jobs:
with: with:
name: constellation-linux-arm64 name: constellation-linux-arm64
- name: Download CLI binaries windows-amd64
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: constellation-windows-amd64
- name: Download CLI SBOM - name: Download CLI SBOM
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with:
@ -282,6 +316,9 @@ jobs:
slsa-verifier verify-artifact constellation-linux-arm64 \ slsa-verifier verify-artifact constellation-linux-arm64 \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \ --provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation --source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact constellation-windows-amd64.exe \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation
slsa-verifier verify-artifact constellation.spdx.sbom \ slsa-verifier verify-artifact constellation.spdx.sbom \
--provenance-path ${{ needs.provenance.outputs.provenance-name }} \ --provenance-path ${{ needs.provenance.outputs.provenance-name }} \
--source-uri github.com/edgelesssys/constellation --source-uri github.com/edgelesssys/constellation
@ -320,6 +357,11 @@ jobs:
with: with:
name: constellation-linux-arm64 name: constellation-linux-arm64
- name: Download CLI binaries windows-amd64
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: constellation-windows-amd64
- name: Download Constellation CLI SBOM - name: Download Constellation CLI SBOM
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with: with: