From d001df596a1010a8debc9ee12fab19dd466976b9 Mon Sep 17 00:00:00 2001 From: leongross Date: Mon, 5 Dec 2022 14:38:42 +0100 Subject: [PATCH] add build-gcp-guest-agent-ko --- .github/workflows/build-apko-image.yml | 5 -- .../build-constellation-node-operator-ko.yml | 3 - .../workflows/build-gcp-guest-agent-ko.yml | 62 +++++++++++++++++++ .../workflows/build-joinservice-image-ko.yml | 1 - .github/workflows/build-kms-image-ko.yml | 1 - .../build-verification-service-ko.yml | 9 --- .ko.yaml | 16 +++++ 7 files changed, 78 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/build-gcp-guest-agent-ko.yml
diff --git a/.github/workflows/build-apko-image.yml b/.github/workflows/build-apko-image.yml
index b99201333..e5992a792 100644
--- a/.github/workflows/build-apko-image.yml
+++ b/.github/workflows/build-apko-image.yml
@@ -2,11 +2,6 @@ name: Build and upload all apko container images on: workflow_dispatch: - push: - branches: - - main - - "release/**" - - "feat/reproducible-builds-ko" jobs: build-apko-image:
diff --git a/.github/workflows/build-constellation-node-operator-ko.yml b/.github/workflows/build-constellation-node-operator-ko.yml
index ed5022761..ae7c30453 100644
--- a/.github/workflows/build-constellation-node-operator-ko.yml
+++ b/.github/workflows/build-constellation-node-operator-ko.yml
@@ -2,9 +2,6 @@ name: Build and upload constellation node operator image (KO) on: workflow_dispatch: - push: - branches: - - feat/reproducible-builds-ko jobs: build-constellation-node-operator:
diff --git a/.github/workflows/build-gcp-guest-agent-ko.yml b/.github/workflows/build-gcp-guest-agent-ko.yml
new file mode 100644
index 000000000..0d80927b1
--- /dev/null
+++ b/.github/workflows/build-gcp-guest-agent-ko.yml
@@ -0,0 +1,62 @@
+name: Build and Upload GCP guest-agent container (KO)
+env:
+ REGISTRY: ghcr.io
+ KO_DATA_PATH: /etc/default/
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ - "release/**"
+ - "feat/reproducible-builds-ko"
+
+jobs:
+ build-gcp-guest-agent:
+ runs-on: ubuntu-22.04
+ defaults:
+ run:
+ working-directory: ./constellation
+ permissions:
+ contents: read
+ packages: write
+ strategy:
+ matrix:
+ version: ["20220927.00"]
+ include:
+ - version: "20220927.00"
+ latest: true
+ steps:
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ with:
+ repository: "GoogleCloudPlatform/guest-agent"
+ ref: refs/tags/${{ matrix.version }}
+ path: "guest-agent"
+
+ - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ with:
+ ref: ${{ github.head_ref }}
+ path: "constellation"
+
+
+ - name: Prepare hardcoded configuration file
+ working-directory: ${{ github.workspace }}
+ run: |
+ # https://ko.build/features/static-assets/
+ # cwd = /home/runner/work/constellation/constellation
+ koData="./guest-agent/kodata"
+ mkdir -p $koData
+ cp ./constellation/3rdparty/gcp-guest-agent/instance_configs.cfg $koData
+ cd ..
+
+ - name: Build and upload join service container image
+ id: build-and-upload
+ # assumes that we are currently in the root of the repo
+ uses: ./constellation/.github/actions/build_micro_service_ko
+ with:
+ name: gcp-guest-agent
+ koTarget: ./guest-agent/google-guest-agent/
+ githubToken: ${{ secrets.GITHUB_TOKEN }}
+ cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
+ cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
+ cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
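Review bot: The third-party guest-agent source is checked out by tag (`ref: refs/tags/${{ matrix.version }}`) even though the checkout action itself is pinned to a commit, so a re-pointed upstream tag would change what this job builds, signs with the cosign key and pushes under `packages: write`. Pin that checkout to the commit behind 20220927.00, e.g. `ref: <COMMIT_SHA_OF_20220927.00>  # tag=20220927.00`, and add `persist-credentials: false` under its `with:` so the job token is not left in the git config of a checkout holding external code. Separately, the last step is still named `Build and upload join service container image` although it builds the guest agent, and the trailing `cd ..` in the prepare step has no effect because each `run` step starts its own shell.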
diff --git a/.github/workflows/build-joinservice-image-ko.yml b/.github/workflows/build-joinservice-image-ko.yml
index 2a8441c96..dd6e1996b 100644
--- a/.github/workflows/build-joinservice-image-ko.yml
+++ b/.github/workflows/build-joinservice-image-ko.yml
@@ -4,7 +4,6 @@ env: on: workflow_dispatch: - push: jobs: build-join-service-ko:
diff --git a/.github/workflows/build-kms-image-ko.yml b/.github/workflows/build-kms-image-ko.yml
index 8ebf69f63..9a5c1283e 100644
--- a/.github/workflows/build-kms-image-ko.yml
+++ b/.github/workflows/build-kms-image-ko.yml
@@ -4,7 +4,6 @@ env: on: workflow_dispatch: - push: jobs: build-kms-server:
diff --git a/.github/workflows/build-verification-service-ko.yml b/.github/workflows/build-verification-service-ko.yml
index d3377b6fe..6671ae950 100644
--- a/.github/workflows/build-verification-service-ko.yml
+++ b/.github/workflows/build-verification-service-ko.yml
@@ -2,15 +2,6 @@ name: Build and upload verification-service image (KO) on: workflow_dispatch: - push: - branches: - - main - - "release/**" - - "feat/reproducible-builds-ko" - #paths: - # - "verify/**" - # - "internal/attestation/**" - # - "internal/constants/**" jobs: build-verification-service:
diff --git a/.ko.yaml b/.ko.yaml
index 6bcc6a460..76d6f5a7c 100644
--- a/.ko.yaml
+++ b/.ko.yaml
@@ -45,3 +45,19 @@ builds: - -s -w -buildid='' - -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION} - -extldflags "-static" + +- id: gcp-guest-agent + dir: . + main: ./3rdparty/gcp-guest-agent/ + env: + - CGO_ENABLED=0 + - GOOS=linux + - GOARCH=amd64 + flags: + - -trimpath + - -buildvcs=false + - -a + ldflags: + - -s -w -buildid='' + - -X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION} + - -extldflags "-static"
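Review bot: The new `gcp-guest-agent` build entry in `.ko.yaml` sets `dir: .` and `main: ./3rdparty/gcp-guest-agent/`, but the workflow added in this commit builds `koTarget: ./guest-agent/google-guest-agent/`, and the only file the commit shows under `3rdparty/gcp-guest-agent/` is `instance_configs.cfg`. If ko selects build entries by the main package path, this entry likely never applies, so `-trimpath`, `-buildvcs=false` and `-buildid=''` would silently not be used for an image that is meant to be reproducible and is then signed; this is worth confirming against the build output. The `-X github.com/edgelesssys/constellation/v2/internal/constants.VersionInfo=${PROJECT_VERSION}` flag also looks copied from the Constellation services, and the upstream agent presumably does not link that package, so it should be dropped or replaced. The `builds:` list this entry extends starts outside the hunk.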