This repository has been archived by the owner on Oct 3, 2023. It is now read-only.

Securesign Build and test #54

Workflow file for this run

.github/workflows/image-factory.yaml at ac74bd5

	name: Securesign Build and test

	on:
	workflow_dispatch:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]

	env:
	CGO_ENABLED: 0
	PODMAN_VER: v4.2.1

	jobs:

	build-fulcio:
	env:
	CGO_ENABLED: 1 # CGO is required for podman
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote fulcio repository
	uses: actions/checkout@v2
	with:
	repository: securesign/fulcio
	path: fulcio
	ref: v1.3.1

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: replace the fulcio build image
	run: bash -c -- "sed -i 's#golang:1\.[0-9]\.[0-9]@sha256:[a-f0-9]*#registry.redhat.io/rhel9/go-toolset@sha256:113e69fdfa23b41ea82e5da2e4a5b13bca44713fe597ff862ef977a4a2fedda5#g' fulcio/Dockerfile"

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push fulcio
	run: \|
	cd fulcio
	docker build -t quay.io/securesign/fulcio:v1.3.1 .
	docker push quay.io/securesign/fulcio:v1.3.1

	build-rekor:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote rekor repository
	uses: actions/checkout@v2
	with:
	repository: securesign/rekor
	path: rekor
	ref: v1.2.2

	- name: install ko
	uses: imjasonh/setup-ko@v0.6
	env:
	KO_DOCKER_REPO: quay.io/securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push rekor
	run: \|
	cd rekor
	KO_PREFIX=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko

	build-scaffold:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote rekor repository
	uses: actions/checkout@v2
	with:
	repository: securesign/scaffolding
	path: scaffolding
	ref: v0.6.4

	- name: install ko
	uses: imjasonh/setup-ko@v0.6
	env:
	KO_DOCKER_REPO: quay.io/securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push scaffolding
	run: \|
	cd scaffolding
	KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve

	build-tuf:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote rekor repository
	uses: actions/checkout@v2
	with:
	repository: sabre1041/sigstore-scaffolding
	path: scaffolding
	ref: scaffolding-standalone

	- name: install ko
	uses: imjasonh/setup-ko@v0.6
	env:
	KO_DOCKER_REPO: quay.io/securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push scaffolding
	run: \|
	cd scaffolding
	KO_DOCKER_REPO=quay.io/securesign/tuf KO_PREFIX=quay.io/securesign/tuf KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve

	build-trillian:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote rekor repository
	uses: actions/checkout@v2
	with:
	repository: securesign/rekor
	path: rekor
	ref: v1.2.2

	- name: install ko
	uses: imjasonh/setup-ko@v0.6
	env:
	KO_DOCKER_REPO: quay.io/securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push trillian
	run: \|
	cd rekor
	KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-trillian

	build-trillian-db:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote trillian repository
	uses: actions/checkout@v2
	with:
	repository: securesign/trillian
	path: trillian
	ref: v1.5.2

	- name: pull down the securesign repo
	uses: actions/checkout@v2
	with:
	path: securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push trillian
	run: \|
	cd trillian
	cp -rp ../securesign/trillian/* examples/deployment/docker/db_server/
	podman build . --tag quay.io/securesign/trillian-db:v1.5.2 -f examples/deployment/docker/db_server/Dockerfile
	podman push quay.io/securesign/trillian-db:v1.5.2

	build-tsa:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote timestamp-authority repository
	uses: actions/checkout@v2
	with:
	repository: securesign/timestamp-authority
	path: timestamp-authority
	ref: v1.1.1

	- name: install ko
	uses: imjasonh/setup-ko@v0.6
	env:
	KO_DOCKER_REPO: quay.io/securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push tsa
	run: \|
	cd timestamp-authority
	KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko


	build-netcat:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the repository
	uses: actions/checkout@v2

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build netcat
	run: podman build -t quay.io/securesign/netcat:v1.0.0 -f netcat/Dockerfile

	- name: push netcat
	run: podman push quay.io/securesign/netcat:v1.0.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Securesign Build and test #54

Workflow file

Securesign Build and test #54

Jobs

Run details

Workflow file for this run