constellation/.github/workflows/release-cli.yml
Fabian Kammel 7ee8f65889
Delete dependabot and prepare renovate (#238)
* Delete microserivce template.
* Remove dependabot config
* Prepare renovate by adopting GitHub actions syntax
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-12 18:05:58 +02:00

100 lines
3.9 KiB
YAML

name: Build CLI and prepare release
on:
workflow_dispatch:
jobs:
build-cli:
runs-on: ubuntu-latest
steps:
- name: Checkout
id: checkout
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
- name: Setup Go environment
uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
with:
go-version: "1.19.2"
- name: Build cli-linux-amd64
uses: ./.github/actions/build_cli
with:
targetOS: linux
targetArch: amd64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
- name: Build cli-linux-arm64
uses: ./.github/actions/build_cli
with:
targetOS: linux
targetArch: arm64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
- name: Build cli-darwin-amd64
uses: ./.github/actions/build_cli
with:
targetOS: darwin
targetArch: amd64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
- name: Build cli-darwin-arm64
uses: ./.github/actions/build_cli
with:
targetOS: darwin
targetArch: arm64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
- name: Login to Azure
uses: ./.github/actions/azure_login
with:
azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
- name: Login to GCP
uses: ./.github/actions/gcp_login
with:
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: Build version manifest
run: |
cd hack/build-manifest/
AZURE_SUBSCRIPTION_ID=0d202bbb-4fa7-4af8-8125-58c269a05435 go run . > versions-manifest.json
cat versions-manifest.json
- name: Build SBOMs
run: |
SYFT_VERSION=0.55.0
curl -LO https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz
tar -xzf syft_${SYFT_VERSION}_linux_amd64.tar.gz
./syft version
./syft . --catalogers go-module --file constellation.spdx.sbom -o spdx-json
CONTAINER_VERSION=${GITHUB_REF##*/}
./syft ghcr.io/edgelesssys/constellation/verification-service:${CONTAINER_VERSION} --file verification-service.spdx.sbom -o spdx-json
./syft ghcr.io/edgelesssys/constellation/access-manager:${CONTAINER_VERSION} --file access-manager.spdx.sbom -o spdx-json
./syft ghcr.io/edgelesssys/constellation/join-service:${CONTAINER_VERSION} --file join-service.spdx.sbom -o spdx-json
./syft ghcr.io/edgelesssys/constellation/kmsserver:${CONTAINER_VERSION} --file kmsserver.spdx.sbom -o spdx-json
./syft ghcr.io/edgelesssys/constellation/node-operator:${CONTAINER_VERSION} --file node-operator.spdx.sbom -o spdx-json
if: startsWith(github.ref, 'refs/tags/v')
- name: Create release with artifacts
# GitHub endorsed release project. See: https://github.com/actions/create-release
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # tag=v0.1.14
if: startsWith(github.ref, 'refs/tags/v')
with:
draft: true
files: |
build/constellation-*
build/cosign.pub
hack/build-manifest/versions-manifest.json
*.spdx.sbom