mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-09-20 08:15:56 +00:00
90b88e1cf9
In the light of extending our eKMS support it will be helpful to have a tighter use of the word "KMS". KMS should refer to the actual component that manages keys. The keyservice, also called KMS in the constellation code, does not manage keys itself. It talks to a KMS backend, which in turn does the actual key management.
43 lines
1.5 KiB
YAML
43 lines
1.5 KiB
YAML
name: Build and upload KeyService image
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
branches:
|
|
- main
|
|
- "release/**"
|
|
paths:
|
|
- "keyservice/**"
|
|
- "internal/**"
|
|
- "!internal/versions/versions.go" # Don't build on version bumps to avoid infinite loops
|
|
|
|
jobs:
|
|
build-keyservice:
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Check out repository
|
|
id: checkout
|
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
|
with:
|
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
|
|
|
- name: Setup Go environment
|
|
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
|
|
with:
|
|
go-version: "1.19.5"
|
|
|
|
- name: Build and upload KeyService container image
|
|
id: build-and-upload
|
|
uses: ./.github/actions/build_micro_service
|
|
with:
|
|
name: keyservice
|
|
projectVersion: "0.0.0"
|
|
dockerfile: keyservice/Dockerfile
|
|
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
|
cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
|
|
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
|
|
cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|