mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
69 lines
1.5 KiB
Bash
Executable File
69 lines
1.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -exuo pipefail
|
|
shopt -s inherit_errexit
|
|
|
|
# buildImage <apko_config_path>
|
|
buildImage() {
|
|
local imageConfig=$1
|
|
|
|
echo "Building image for ${imageConfig}"
|
|
|
|
local imageName
|
|
imageName=$(basename "${imageConfig}" | cut -d. -f1)
|
|
local registryPath
|
|
registryPath="${REGISTRY}/edgelesssys/apko-${imageName}"
|
|
local outTar
|
|
outTar="${imageName}.tar"
|
|
|
|
mkdir -p "sboms/${imageName}"
|
|
|
|
# build the image
|
|
docker run \
|
|
-v "${PWD}":/work \
|
|
cgr.dev/chainguard/apko@sha256:8952f4f3ce58052b7df5e46f230f7192b42b220d3e46c8b06178cc25fd700846 \
|
|
build \
|
|
"${imageConfig}" \
|
|
--build-arch "${APKO_ARCH}" \
|
|
--sbom \
|
|
"${registryPath}" \
|
|
"${outTar}"
|
|
|
|
docker load < "${outTar}"
|
|
|
|
for tag in ${CONTAINER_TAGS}; do
|
|
tagSanitized=${tag//\//-}
|
|
|
|
docker image tag "${registryPath}" "${registryPath}:${tagSanitized}"
|
|
docker push "${registryPath}:${tagSanitized}"
|
|
|
|
imageDigest=$(docker inspect --format='{{index .RepoDigests 0}}' "${registryPath}")
|
|
|
|
# write full image as Markdown code block to step summary
|
|
cat << EOF >> "${GITHUB_STEP_SUMMARY}"
|
|
\`\`\`
|
|
${imageDigest%%@*}:${tagSanitized}@${imageDigest##*@}
|
|
\`\`\`
|
|
EOF
|
|
done
|
|
|
|
# cosign the container and push to registry
|
|
cosign sign \
|
|
--key env://COSIGN_PRIVATE_KEY \
|
|
"${imageDigest}" \
|
|
-y
|
|
|
|
# move sboms to folder
|
|
mv sbom-*.* "sboms/${imageName}/"
|
|
}
|
|
|
|
if [[ -n ${APKO_CONFIG} ]]; then
|
|
buildImage "${APKO_CONFIG}"
|
|
exit 0
|
|
fi
|
|
|
|
echo "Building all images in image"
|
|
for imageConfig in apko/*.yaml; do
|
|
buildImage "${imageConfig}"
|
|
done
|