mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-21 21:01:04 -05:00
88e3da750e
Currently tags can be empty when building a ko image. However, --bare may not work in case --tags is empty, as per ko docs. Also remove redundant build step in release pipeline. Co-authored-by: Malte Poll <mp@edgeless.systems>
114 lines
3.4 KiB
YAML
114 lines
3.4 KiB
YAML
name: Build micro service using Ko
|
|
description: Build and upload a go micro service using ko
|
|
inputs:
|
|
name:
|
|
description: "Name of the micro-service"
|
|
required: true
|
|
registry:
|
|
description: "Name of the registry to use"
|
|
required: false
|
|
default: "ghcr.io"
|
|
koConfig:
|
|
description: "Path to the .ko.yaml config file"
|
|
required: false
|
|
default: ".ko.yaml"
|
|
koTarget:
|
|
description: "Go package to build with ko"
|
|
required: true
|
|
pushTag:
|
|
description: "Use this image tag"
|
|
required: true
|
|
githubToken:
|
|
description: "GitHub authorization token"
|
|
required: true
|
|
generateKoSBOM:
|
|
description: "Generate unsigned ko SBOM"
|
|
required: false
|
|
default: "false"
|
|
|
|
outputs:
|
|
container_full:
|
|
description: "Full container reference"
|
|
value: ${{ steps.build.container_full }}
|
|
container_image:
|
|
description: "Container image"
|
|
value: ${{ steps.build.outputs.container_image }}
|
|
container_tag:
|
|
description: "Container tag"
|
|
value: ${{ steps.build.container_tag }}
|
|
|
|
# Linux runner only
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Determine pseudo version
|
|
if: ${{ !inputs.pushTag}}
|
|
id: pseudo-version
|
|
uses: ./.github/actions/pseudo_version
|
|
|
|
- name: Setup Go environment
|
|
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
|
|
with:
|
|
go-version: "1.19.5"
|
|
cache: true
|
|
|
|
- name: Set up ko
|
|
uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
|
|
|
|
- name: Build and upload ko container image
|
|
id: build
|
|
shell: bash
|
|
env:
|
|
KO_USER: ${{ github.actor }}
|
|
KO_CONFIG_PATH: ${{ inputs.koConfig }}
|
|
KO_PASSWORD: ${{ inputs.githubToken }}
|
|
KO_DOCKER_REPO: ${{ inputs.registry }}/edgelesssys/constellation/${{ inputs.name }}
|
|
run: |
|
|
tags=""
|
|
sbom=""
|
|
|
|
if [[ "${{ github.ref }}" == "${{ github.event.repository.default_branch }}" ]]; then
|
|
tags="latest"
|
|
else:
|
|
tags="${{ github.sha }}"
|
|
fi
|
|
|
|
if [ -n "${{ inputs.pushTag }}" ]; then
|
|
if [ -n "${tags}" ]; then
|
|
tags="${tags},${{ inputs.pushTag }}"
|
|
else
|
|
tags="${{ inputs.pushTag }}"
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${{ steps.pseudo-version.outputs.pseudoVersion }}" ]; then
|
|
if [ -n "${tags}" ]; then
|
|
tags="${tags},${{ steps.pseudo-version.outputs.pseudoVersion }}"
|
|
else
|
|
tags="${{ steps.pseudo-version.outputs.pseudoVersion }}"
|
|
fi
|
|
fi
|
|
|
|
if [ "${{ inputs.generateKoSBOM }}" == "false" ]; then
|
|
sbom="--sbom=none"
|
|
fi
|
|
|
|
echo "Building container image with tags: ${tags}"
|
|
container_full=$(ko build ${{ inputs.koTarget }} --bare --tags "${tags}" ${sbom})
|
|
container_image=$(echo $container_full | cut -d@ -f1)
|
|
container_sha256=$(echo $container_full | cut -d: -f2)
|
|
|
|
cat <<EOF > container_data_ko.json
|
|
{
|
|
"container_full": "${container_full}",
|
|
"container_image": "${container_image}",
|
|
"container_sha256": "${container_sha256}"
|
|
}
|
|
EOF
|
|
|
|
- name: Upload Container Data # since github censors hashes that may share data with secrets, we need to upload the data as an artifact
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: container_data_ko
|
|
path: container_data_ko.json
|