88e3da750e
Currently tags can be empty when building a ko image. However, --bare may not work in case --tags is empty, as per ko docs. Also remove redundant build step in release pipeline. Co-authored-by: Malte Poll <mp@edgeless.systems>
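# Composite action: delegates the image build and upload to the local build_ko
# action, exports the resulting image reference as CONTAINER_FULL, and passes
# that reference plus the Cosign inputs to the local container_sbom action.
name: Build micro service (KO)
description: Build and upload a container image for a Constellation micro-service

inputs:
  name:
    description: "Name of the micro-service"
    required: true
  koConfig:
    description: "Path to the .ko.yaml config file"
    default: ".ko.yaml"
    required: false
  koTarget:
    description: "Go package to build with ko"
    required: true
  pushTag:
    description: "Use this image tag"
    required: false
  githubToken:
    description: "GitHub authorization token"
    required: true
  # Only read by the `if:` of the "Generate SBOM" step below; it is not
  # forwarded to build_ko from this file.
  generateKoSBOM:
    description: "Generate unsigned ko SBOM"
    required: false
    default: "false"
  # Key material arrives as plain action inputs. Callers should supply it from
  # repository or organization secrets so the runner masks it in logs.
  cosignPublicKey:
    description: "Cosign public key"
    required: true
  cosignPrivateKey:
    description: "Cosign private key"
    required: true
  cosignPassword:
    description: "Password for Cosign private key"
    required: false

# Linux runner only
runs:
  using: "composite"
  steps:
    - name: Build and upload container image
      id: build-and-upload
      uses: ./.github/actions/build_ko
      with:
        name: ${{ inputs.name }}
        koConfig: ${{ inputs.koConfig }}
        koTarget: ${{ inputs.koTarget }}
        pushTag: ${{ inputs.pushTag }}
        # Reference the input declared above. `inputs.GITHUB_TOKEN` matches no
        # declared input and expands to an empty string, so build_ko would
        # receive no token.
        githubToken: ${{ inputs.githubToken }}

    - name: Download ko Container Data
      id: download_container_data
      # Pinned to a full commit SHA rather than a movable tag.
      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
      with:
        name: container_data_ko
        # NOTE(review): the artifact is extracted into CONTAINER_DATA_KO/, but
        # the next step reads container_data_ko.json from the working
        # directory. Confirm which copy of the file is meant to be used.
        path: CONTAINER_DATA_KO

    - name: Set container url to Github Env
      shell: bash
      run: |
        # -e makes jq exit non-zero when the key is missing or null, so the
        # step fails instead of exporting the literal string "null".
        container_full=$(jq -er .container_full < container_data_ko.json)
        # GITHUB_ENV is parsed line by line; a value containing a newline
        # would define additional environment variables for later steps.
        if [[ "${container_full}" == *$'\n'* ]]; then
          echo "container_full must be a single line" >&2
          exit 1
        fi
        # Quoted to prevent word splitting and glob expansion of the value.
        echo "CONTAINER_FULL=${container_full}" >> "${GITHUB_ENV}"

    - name: Generate SBOM
      # Skipped without an error when any Cosign input is empty, including the
      # optional cosignPassword, or when generateKoSBOM is not 'false'.
      # NOTE(review): confirm release callers always set all three Cosign
      # inputs; otherwise the image is published without this step running.
      if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' && inputs.generateKoSBOM == 'false'
      uses: ./.github/actions/container_sbom
      with:
        containerReference: ${{ env.CONTAINER_FULL }}
        cosignPublicKey: ${{ inputs.cosignPublicKey }}
        cosignPrivateKey: ${{ inputs.cosignPrivateKey }}
        cosignPassword: ${{ inputs.cosignPassword }}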