name: Build CLI and prepare release on: workflow_dispatch: jobs: build-cli: runs-on: ubuntu-latest steps: - name: Checkout id: checkout uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - name: Build cli-linux-amd64 uses: ./.github/actions/build_cli with: targetOS: linux targetArch: amd64 cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} cosignPassword: ${{ secrets.COSIGN_PASSWORD }} - name: Build cli-linux-arm64 uses: ./.github/actions/build_cli with: targetOS: linux targetArch: arm64 cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} cosignPassword: ${{ secrets.COSIGN_PASSWORD }} - name: Build cli-darwin-amd64 uses: ./.github/actions/build_cli with: targetOS: darwin targetArch: amd64 cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} cosignPassword: ${{ secrets.COSIGN_PASSWORD }} - name: Build cli-darwin-arm64 uses: ./.github/actions/build_cli with: targetOS: darwin targetArch: arm64 cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }} cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }} cosignPassword: ${{ secrets.COSIGN_PASSWORD }} - name: Login to Azure uses: ./.github/actions/azure_login with: azure_credentials: ${{ secrets.AZURE_CREDENTIALS }} - name: Login to GCP uses: ./.github/actions/gcp_login with: gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} - name: Build version manifest run: | cd hack/build-manifest/ AZURE_SUBSCRIPTION_ID=0d202bbb-4fa7-4af8-8125-58c269a05435 go run . > versions-manifest.json cat versions-manifest.json - name: Build SBOMs run: | SYFT_VERSION=0.55.0 curl -LO https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz tar -xzf syft_${SYFT_VERSION}_linux_amd64.tar.gz ./syft version ./syft . --catalogers go-module --file constellation.spdx.sbom -o spdx-json CONTAINER_VERSION=${GITHUB_REF##*/} ./syft ghcr.io/edgelesssys/constellation/verification-service:${CONTAINER_VERSION} --file verification-service.spdx.sbom -o spdx-json ./syft ghcr.io/edgelesssys/constellation/access-manager:${CONTAINER_VERSION} --file access-manager.spdx.sbom -o spdx-json ./syft ghcr.io/edgelesssys/constellation/join-service:${CONTAINER_VERSION} --file join-service.spdx.sbom -o spdx-json ./syft ghcr.io/edgelesssys/constellation/kmsserver:${CONTAINER_VERSION} --file kmsserver.spdx.sbom -o spdx-json ./syft ghcr.io/edgelesssys/constellation/node-operator:${CONTAINER_VERSION} --file node-operator.spdx.sbom -o spdx-json if: startsWith(github.ref, 'refs/tags/v') - name: Create release with artifacts # GitHub endorsed release project. See: https://github.com/actions/create-release uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 if: startsWith(github.ref, 'refs/tags/v') with: draft: true files: | build/constellation-* build/cosign.pub hack/build-manifest/versions-manifest.json *.spdx.sbom