name: Build micro service using Ko description: Build and upload a go micro service using ko inputs: name: description: "Name of the micro-service" required: true registry: description: "Name of the registry to use" required: false default: "ghcr.io" koConfig: description: "Path to the .ko.yaml config file" required: false default: ".ko.yaml" koTarget: description: "Go package to build with ko" required: true pushTag: description: "Use this image tag" required: true githubToken: description: "GitHub authorization token" required: true generateKoSBOM: description: "Generate unsigned ko SBOM" required: false default: "false" outputs: container_full: description: "Full container reference" value: ${{ steps.build.container_full }} container_image: description: "Container image" value: ${{ steps.build.outputs.container_image }} container_tag: description: "Container tag" value: ${{ steps.build.container_tag }} # Linux runner only runs: using: "composite" steps: - name: Determine pseudo version if: ${{ !inputs.pushTag}} id: pseudo-version uses: ./.github/actions/pseudo_version - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "1.20.1" cache: true - name: Set up ko uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 with: ko-version: "v0.12.0" - name: Build and upload ko container image id: build shell: bash env: KO_USER: ${{ github.actor }} KO_CONFIG_PATH: ${{ inputs.koConfig }} KO_PASSWORD: ${{ inputs.githubToken }} KO_DOCKER_REPO: ${{ inputs.registry }}/edgelesssys/constellation/${{ inputs.name }} run: | tags="" sbom="" if [[ "${{ github.ref_name }}" == "${{ github.event.repository.default_branch }}" ]]; then tags="latest" else tags="${{ github.sha }}" fi if [[ -n "${{ inputs.pushTag }}" ]]; then if [[ -n "${tags}" ]]; then tags="${tags},${{ inputs.pushTag }}" else tags="${{ inputs.pushTag }}" fi fi if [[ -n "${{ steps.pseudo-version.outputs.pseudoVersion }}" ]]; then if [[ -n "${tags}" ]]; then tags="${tags},${{ steps.pseudo-version.outputs.pseudoVersion }}" else tags="${{ steps.pseudo-version.outputs.pseudoVersion }}" fi fi if [[ "${{ inputs.generateKoSBOM }}" == "false" ]]; then sbom="--sbom=none" fi echo "Building container image with tags: ${tags}" container_full=$(ko build ${{ inputs.koTarget }} --bare --tags "${tags}" ${sbom}) container_image=$(echo $container_full | cut -d@ -f1) container_sha256=$(echo $container_full | cut -d: -f2) cat < container_data_ko.json { "container_full": "${container_full}", "container_image": "${container_image}", "container_sha256": "${container_sha256}" } EOF - name: Upload Container Data # since github censors hashes that may share data with secrets, we need to upload the data as an artifact uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: container_data_ko path: container_data_ko.json