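# Manually dispatched workflow: builds the CLI for four OS/arch targets, builds
# a version manifest and, when the selected ref is a v* tag, generates SBOMs and
# creates a draft GitHub release.
name: Build CLI and prepare release

on:
  workflow_dispatch:

# NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN carries the
# repository's default scopes. The release step needs `contents: write`; what
# the local actions under ./.github/actions need is not visible from this file,
# so confirm before restricting the token to the minimum.

jobs:
  build-cli:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions in this job are pinned by full commit SHA; the
      # trailing "tag=" comment records the release each SHA corresponds to.
      - name: Checkout
        id: checkout
        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0

      - name: Setup Go environment
        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # tag=v3.3.1
        with:
          go-version: "1.19.2"

      # Signing key selection, repeated for all four build steps below:
      # `cond && A || B` yields A only when cond is true AND A is non-empty.
      # If a release secret is unset or empty on a v* tag, the expression
      # silently falls back to the DEV key, and the release step would then
      # publish the dev cosign.pub. Check the published key before un-drafting.
      # NOTE(review): release keys are chosen purely by ref name, so anyone who
      # can push a v* tag and dispatch this workflow can sign with them; tag
      # protection rules or a protected environment would narrow that.
      - name: Build cli-linux-amd64
        uses: ./.github/actions/build_cli
        with:
          targetOS: linux
          targetArch: amd64
          enterpriseCLI: true
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

      - name: Build cli-linux-arm64
        uses: ./.github/actions/build_cli
        with:
          targetOS: linux
          targetArch: arm64
          enterpriseCLI: true
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

      - name: Build cli-darwin-amd64
        uses: ./.github/actions/build_cli
        with:
          targetOS: darwin
          targetArch: amd64
          enterpriseCLI: true
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

      - name: Build cli-darwin-arm64
        uses: ./.github/actions/build_cli
        with:
          targetOS: darwin
          targetArch: arm64
          enterpriseCLI: true
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

      # Both cloud logins run on every dispatch, including non-tag refs.
      # NOTE(review): presumably the sessions stay available to the later
      # steps of this job, including the downloaded syft binary; confirm what
      # the two local login actions persist on the runner.
      - name: Login to Azure
        uses: ./.github/actions/azure_login
        with:
          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Login to GCP
        uses: ./.github/actions/gcp_login
        with:
          gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}

      # The manifest is written next to the generator and echoed to the job log.
      - name: Build version manifest
        run: |
          cd hack/build-manifest/
          AZURE_SUBSCRIPTION_ID=0d202bbb-4fa7-4af8-8125-58c269a05435 go run . > versions-manifest.json
          cat versions-manifest.json

      # syft is fetched at run time and executed after the cloud logins above.
      # The archive is checked against the checksum list from the same release
      # before it is unpacked; `curl -f` makes an HTTP error fail the step
      # instead of saving an error page.
      # NOTE(review): this only proves the archive matches what the release
      # publishes. Pinning the expected SHA-256 in this file would also catch a
      # replaced release asset.
      - name: Build SBOMs
        if: startsWith(github.ref, 'refs/tags/v')
        run: |
          SYFT_VERSION=0.55.0
          SYFT_ARCHIVE="syft_${SYFT_VERSION}_linux_amd64.tar.gz"
          SYFT_CHECKSUMS="syft_${SYFT_VERSION}_checksums.txt"
          SYFT_RELEASE_URL="https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}"
          curl -fsSLO "${SYFT_RELEASE_URL}/${SYFT_ARCHIVE}"
          curl -fsSLO "${SYFT_RELEASE_URL}/${SYFT_CHECKSUMS}"
          # Fails when the archive hash differs or when no listed file is present.
          sha256sum --check --ignore-missing "${SYFT_CHECKSUMS}"
          tar -xzf "${SYFT_ARCHIVE}"
          ./syft version
          ./syft . --catalogers go-module --file constellation.spdx.sbom -o spdx-json
          # Container images are looked up by the tag name (last path segment of the ref).
          CONTAINER_VERSION=${GITHUB_REF##*/}
          ./syft "ghcr.io/edgelesssys/constellation/verification-service:${CONTAINER_VERSION}" --file verification-service.spdx.sbom -o spdx-json
          ./syft "ghcr.io/edgelesssys/constellation/access-manager:${CONTAINER_VERSION}" --file access-manager.spdx.sbom -o spdx-json
          ./syft "ghcr.io/edgelesssys/constellation/join-service:${CONTAINER_VERSION}" --file join-service.spdx.sbom -o spdx-json
          ./syft "ghcr.io/edgelesssys/constellation/kmsserver:${CONTAINER_VERSION}" --file kmsserver.spdx.sbom -o spdx-json
          ./syft "ghcr.io/edgelesssys/constellation/node-operator:${CONTAINER_VERSION}" --file node-operator.spdx.sbom -o spdx-json

      # GitHub endorsed release project. See: https://github.com/actions/create-release
      # The release is created as a draft, so the artifacts and cosign.pub can
      # be reviewed before they are published.
      - name: Create release with artifacts
        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # tag=v0.1.14
        if: startsWith(github.ref, 'refs/tags/v')
        with:
          draft: true
          files: |
            build/constellation-*
            build/cosign.pub
            hack/build-manifest/versions-manifest.json
            *.spdx.sbom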