mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-28 00:49:26 -05:00
30b22cd17f
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
111 lines
3.3 KiB
YAML
111 lines
3.3 KiB
YAML
name: Build micro service using Ko
|
|
description: Build and upload a go micro service using ko
|
|
inputs:
|
|
name:
|
|
description: "Name of the micro-service"
|
|
required: true
|
|
registry:
|
|
description: "Name of the registry to use"
|
|
required: false
|
|
default: "ghcr.io"
|
|
pseudoVersion:
|
|
description: "Check if pseudo-version should be generated"
|
|
default: "false"
|
|
required: true
|
|
koConfig:
|
|
description: "Path to the .ko.yaml config file"
|
|
required: false
|
|
default: ".ko.yaml"
|
|
koTarget:
|
|
description: "Go package to build with ko"
|
|
required: true
|
|
pushTag:
|
|
description: "Use this image tag"
|
|
required: false
|
|
githubToken:
|
|
description: "GitHub authorization token"
|
|
required: true
|
|
generateKoSBOM:
|
|
description: "Generate unsigned ko SBOM"
|
|
required: false
|
|
default: "false"
|
|
|
|
outputs:
|
|
container_full:
|
|
description: "Full container reference"
|
|
value: ${{ steps.build.container_full }}
|
|
container_image:
|
|
description: "Container image"
|
|
value: ${{ steps.build.outputs.container_image }}
|
|
container_tag:
|
|
description: "Container tag"
|
|
value: ${{ steps.build.container_tag }}
|
|
|
|
# Linux runner only
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- name: Determine pseudo version
|
|
if: inputs.pseudoVersion == 'true'
|
|
id: pseudo-version
|
|
uses: ./.github/actions/pseudo_version
|
|
|
|
- name: Set up ko
|
|
uses: imjasonh/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
|
|
|
|
- name: Build and upload ko container image
|
|
id: build
|
|
shell: bash
|
|
env:
|
|
KO_USER: ${{ github.actor }}
|
|
KO_CONFIG_PATH: ${{ inputs.koConfig }}
|
|
KO_PASSWORD: ${{ inputs.githubToken }}
|
|
KO_DOCKER_REPO: ${{ inputs.registry }}/edgelesssys/${{ inputs.name }}-ko
|
|
run: |
|
|
tags=""
|
|
sbom=""
|
|
|
|
if [[ "${{ github.ref }}" == "${{ github.event.repository.default_branch }}" ]]; then
|
|
tags="latest"
|
|
else:
|
|
tags="${{ github.sha }}"
|
|
fi
|
|
|
|
if [ -n "${{ inputs.pushTag }}" ]; then
|
|
if [ -n "${tags}" ]; then
|
|
tags="${tags},${{ inputs.pushTag }}"
|
|
else
|
|
tags="${{ inputs.pushTag }}"
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${{ steps.pseudo-version.outputs.pseudoVersion }}" ]; then
|
|
if [ -n "${tags}" ]; then
|
|
tags="${tags},${{ steps.pseudo-version.outputs.pseudoVersion }}"
|
|
else
|
|
tags="${{ steps.pseudo-version.outputs.pseudoVersion }}"
|
|
fi
|
|
fi
|
|
|
|
if [ "${{ inputs.generateKoSBOM }}" == "false" ]; then
|
|
sbom="--sbom=none"
|
|
fi
|
|
|
|
container_full=$(ko build ${{ inputs.koTarget }} --bare --tags ${tags} ${sbom})
|
|
container_image=$(echo $container_full | cut -d@ -f1)
|
|
container_sha256=$(echo $container_full | cut -d: -f2)
|
|
|
|
cat <<EOF > container_data_ko.json
|
|
{
|
|
"container_full": "${container_full}",
|
|
"container_image": "${container_image}",
|
|
"container_sha256": "${container_sha256}"
|
|
}
|
|
EOF
|
|
|
|
- name: Upload Container Data # since github censors hashes that may share data with secrets, we need to upload the data as an artifact
|
|
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
|
with:
|
|
name: container_data_ko
|
|
path: container_data_ko.json
|