name: Build and upload verification-service image on: workflow_dispatch: push: branches: - main - "release/**" paths: - "verify/**" - "internal/**" - "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops - ".github/workflows/build-verification-service.yml" jobs: build-verification-service: runs-on: ubuntu-22.04 permissions: contents: read packages: write steps: - name: Check out repository id: checkout uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "1.20.2" - name: Build and upload verification-service container image id: build-and-upload uses: ./.github/actions/build_micro_service_ko with: name: verification-service koTarget: ./verify/cmd githubToken: ${{ secrets.GITHUB_TOKEN }} cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }} cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }} cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}