# Required permissions: # # permissions: # packages: write # for docker/build-push-action # name: Build micro service description: Build and upload a container image for a Constellation micro-service inputs: name: description: "Name of the micro-service" required: true projectVersion: description: "Version of the micro-service" default: "0.0.0" required: false dockerfile: description: "Path to the services Dockerfile" required: true pushTag: description: "Use this image tag" required: false githubToken: description: "GitHub authorization token" required: true cosignPublicKey: description: "Cosign public key" required: false cosignPrivateKey: description: "Cosign private key" required: false cosignPassword: description: "Password for Cosign private key" required: false # Linux runner only (Docker required) runs: using: "composite" steps: - name: Determine pseudo version id: pseudo-version uses: ./.github/actions/pseudo_version - name: Docker metadata id: meta uses: docker/metadata-action@507c2f2dc502c992ad446e3d7a5dfbe311567a96 # v4.3.0 with: images: | ghcr.io/${{ github.repository }}/${{ inputs.name }} tags: | type=raw,value=latest,enable={{is_default_branch}} type=raw,value=${{ inputs.pushTag }},enable=${{ '' != inputs.pushTag }} type=raw,value=${{ steps.pseudo-version.outputs.pseudoVersion }},enable=${{ '' != steps.pseudo-version.outputs.pseudoVersion }} type=ref,event=branch - name: Log in to the Container registry id: docker-login uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # tag=v2.1.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ inputs.githubToken }} - name: Build and push container image id: build-micro-service uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3.3.1 with: context: . file: ${{ inputs.dockerfile }} target: release push: true tags: ${{ steps.meta.outputs.tags }} build-args: | PROJECT_VERSION=${{ inputs.projectVersion }} - name: Generate SBOM if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' uses: ./.github/actions/container_sbom with: containerReference: ghcr.io/${{ github.repository }}/${{ inputs.name }}@${{ steps.build-micro-service.outputs.digest }} cosignPublicKey: ${{ inputs.cosignPublicKey }} cosignPrivateKey: ${{ inputs.cosignPrivateKey }} cosignPassword: ${{ inputs.cosignPassword }}