mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-27 16:39:38 -05:00
90b88e1cf9
In the light of extending our eKMS support it will be helpful to have a tighter use of the word "KMS". KMS should refer to the actual component that manages keys. The keyservice, also called KMS in the constellation code, does not manage keys itself. It talks to a KMS backend, which in turn does the actual key management.
107 lines
3.6 KiB
YAML
107 lines
3.6 KiB
YAML
name: Build micro-service Manual
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
microService:
|
|
description: "Name of the micro-service image to build"
|
|
type: choice
|
|
options:
|
|
- "join-service"
|
|
- "keyservice"
|
|
- "verification-service"
|
|
- "qemu-metadata-api"
|
|
- "filebeat-debugd"
|
|
- "logstash-debugd"
|
|
required: true
|
|
default: "join-service"
|
|
imageTag:
|
|
description: "Container image tag"
|
|
required: true
|
|
default: "manual-build"
|
|
version:
|
|
description: "Version of the image to build"
|
|
required: true
|
|
default: "0.0.0"
|
|
ref:
|
|
type: string
|
|
description: "Git ref to checkout"
|
|
required: false
|
|
release:
|
|
type: boolean
|
|
description: "Is this a release build?"
|
|
required: false
|
|
default: false
|
|
workflow_call:
|
|
inputs:
|
|
microService:
|
|
description: "Name of the micro-service image to build"
|
|
type: string
|
|
required: true
|
|
imageTag:
|
|
type: string
|
|
description: "Container image tag"
|
|
required: true
|
|
version:
|
|
type: string
|
|
description: "Version of the image to build"
|
|
required: true
|
|
ref:
|
|
type: string
|
|
description: "Git ref to checkout"
|
|
required: false
|
|
release:
|
|
type: boolean
|
|
description: "Is this a release build?"
|
|
required: true
|
|
|
|
jobs:
|
|
build-micro-service:
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Check out repository
|
|
id: checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
|
with:
|
|
ref: ${{ inputs.ref || github.head_ref }}
|
|
|
|
- name: Setup Go environment
|
|
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
|
|
with:
|
|
go-version: "1.19.5"
|
|
|
|
# choose the correct Dockerfile depending on what micro-service is being build
|
|
- name: Set Dockerfile variable
|
|
id: set-variable
|
|
run: |
|
|
case "${{ inputs.microService }}" in
|
|
"join-service" )
|
|
echo "microServiceDockerfile=joinservice/Dockerfile" >> "$GITHUB_ENV" ;;
|
|
"keyservice" )
|
|
echo "microServiceDockerfile=keyservice/Dockerfile" >> "$GITHUB_ENV" ;;
|
|
"verification-service" )
|
|
echo "microServiceDockerfile=verify/Dockerfile" >> "$GITHUB_ENV" ;;
|
|
"qemu-metadata-api" )
|
|
echo "microServiceDockerfile=hack/qemu-metadata-api/Dockerfile" >> "$GITHUB_ENV" ;;
|
|
"filebeat-debugd" )
|
|
echo "microServiceDockerfile=debugd/internal/debugd/logcollector/filebeat/Dockerfile" >> "$GITHUB_ENV" ;;
|
|
"logstash-debugd" )
|
|
echo "microServiceDockerfile=debugd/internal/debugd/logcollector/logstash/Dockerfile" >> "$GITHUB_ENV" ;;
|
|
esac
|
|
|
|
- name: Build and upload container image
|
|
id: build-and-upload
|
|
uses: ./.github/actions/build_micro_service
|
|
with:
|
|
name: ${{ inputs.microService }}
|
|
projectVersion: ${{ inputs.version }}
|
|
dockerfile: ${{ env.microServiceDockerfile }}
|
|
pushTag: ${{ inputs.imageTag }}
|
|
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
|
cosignPublicKey: ${{ inputs.release && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
|
|
cosignPrivateKey: ${{ inputs.release && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
|
|
cosignPassword: ${{ inputs.release && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|