constellation/.github/workflows/build-keyservice-image.yml
renovate[bot] 5dad9bfad7
deps: update GitHub action dependencies (#1591)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 16:36:43 +02:00

46 lines
1.6 KiB
YAML

name: Build and upload KeyService image
env:
REGISTRY: ghcr.io
on:
workflow_dispatch:
push:
branches:
- main
- "release/**"
paths:
- "keyservice/**"
- "internal/**"
- "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
- ".github/workflows/build-keyservice-image.yml"
jobs:
build-keyservice:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: "1.20.2"
- name: Build and upload KeyService container image
id: build-and-upload
uses: ./.github/actions/build_micro_service_ko
with:
name: key-service
koConfig: .ko.yaml
koTarget: ./keyservice/cmd
githubToken: ${{ secrets.GITHUB_TOKEN }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}