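# Builds the KeyService container image with ko, pushes it to the registry and
# signs it with cosign. Release branches sign with the release key material;
# every other ref signs with the dev key material (see the cosign* inputs).
name: Build and upload KeyService image

env:
  # Not referenced directly in this file; presumably read by the composite
  # build action - confirm against .github/actions/build_micro_service_ko.
  REGISTRY: ghcr.io

on:
  # A manual run can target any branch. On a branch whose name starts with
  # "release/v" it signs with the release key, so creating and pushing to such
  # branches should be restricted by branch protection.
  workflow_dispatch:
  push:
    branches:
      - main
      - "release/**"
    paths:
      - "keyservice/**"
      - "internal/**"
      - "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
      - ".github/workflows/build-keyservice-image.yml"

jobs:
  build-keyservice:
    runs-on: ubuntu-22.04
    # Job-scoped token permissions: scopes not listed here are set to none, so
    # the GITHUB_TOKEN handed to the build action can read the repository and
    # write packages, nothing else.
    permissions:
      contents: read
      packages: write
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the tag that SHA was taken from.
      - name: Check out repository
        id: checkout
        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
        with:
          # With the triggers declared above (push, workflow_dispatch) there is
          # no pull_request context and github.head_ref is empty, so this
          # evaluates to '' and checkout uses the ref that triggered the run.
          # The fork guard only matters if a pull_request trigger is added.
          # NOTE(review): checkout persists the job token in the local git
          # config by default; if the build action needs no git auth,
          # `persist-credentials: false` narrows its exposure - confirm.
          ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}

      - name: Setup Go environment
        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
        with:
          # Quoted so the version stays a string.
          go-version: "1.20.2"

      - name: Build and upload KeyService container image
        id: build-and-upload
        # Local composite action, taken from the ref checked out above.
        uses: ./.github/actions/build_micro_service_ko
        with:
          name: key-service
          koConfig: .ko.yaml
          koTarget: ./keyservice/cmd
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          # Key selection: refs under refs/heads/release/v get the release
          # cosign material, everything else the dev material. The push filter
          # "release/**" is wider than this prefix, so a branch such as
          # release/foo builds but is signed with the dev key.
          # `cond && A || B` also yields B when A is empty: an unset release
          # secret silently falls back to the dev value, and because the three
          # inputs fall back independently a partly configured release secret
          # set mixes release and dev material. Verify release images against
          # the release public key rather than trusting that signing succeeded.
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}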