This repository has been archived by the owner on Oct 3, 2023. It is now read-only.
Securesign Build and test #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Securesign Build and test | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
env: | |
CGO_ENABLED: 0 | |
PODMAN_VER: v4.2.1 | |
jobs: | |
build-fulcio: | |
env: | |
CGO_ENABLED: 1 # CGO is required for podman | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote fulcio repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/fulcio | |
path: fulcio | |
ref: v1.3.1 | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: replace the fulcio build image | |
run: bash -c -- "sed -i 's#golang:1\.[0-9]*\.[0-9]*@sha256:[a-f0-9]*#registry.redhat.io/rhel9/go-toolset@sha256:113e69fdfa23b41ea82e5da2e4a5b13bca44713fe597ff862ef977a4a2fedda5#g' fulcio/Dockerfile" | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push fulcio | |
run: | | |
cd fulcio | |
docker build -t quay.io/securesign/fulcio:v1.3.1 . | |
docker push quay.io/securesign/fulcio:v1.3.1 | |
build-rekor: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote rekor repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/rekor | |
path: rekor | |
ref: v1.2.2 | |
- name: install ko | |
uses: imjasonh/setup-ko@v0.6 | |
env: | |
KO_DOCKER_REPO: quay.io/securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push rekor | |
run: | | |
cd rekor | |
KO_PREFIX=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko | |
build-scaffold: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote rekor repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/scaffolding | |
path: scaffolding | |
ref: v0.6.4 | |
- name: install ko | |
uses: imjasonh/setup-ko@v0.6 | |
env: | |
KO_DOCKER_REPO: quay.io/securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push scaffolding | |
run: | | |
cd scaffolding | |
KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve | |
build-tuf: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote rekor repository | |
uses: actions/checkout@v2 | |
with: | |
repository: sabre1041/sigstore-scaffolding | |
path: scaffolding | |
ref: scaffolding-standalone | |
- name: install ko | |
uses: imjasonh/setup-ko@v0.6 | |
env: | |
KO_DOCKER_REPO: quay.io/securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push scaffolding | |
run: | | |
cd scaffolding | |
KO_DOCKER_REPO=quay.io/securesign/tuf KO_PREFIX=quay.io/securesign/tuf KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve | |
build-trillian: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote rekor repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/rekor | |
path: rekor | |
ref: v1.2.2 | |
- name: install ko | |
uses: imjasonh/setup-ko@v0.6 | |
env: | |
KO_DOCKER_REPO: quay.io/securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push trillian | |
run: | | |
cd rekor | |
KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-trillian | |
build-trillian-db: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote trillian repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/trillian | |
path: trillian | |
ref: v1.5.2 | |
- name: pull down the securesign repo | |
uses: actions/checkout@v2 | |
with: | |
path: securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push trillian | |
run: | | |
cd trillian | |
cp -rp ../securesign/trillian/* examples/deployment/docker/db_server/ | |
podman build . --tag quay.io/securesign/trillian-db:v1.5.2 -f examples/deployment/docker/db_server/Dockerfile | |
podman push quay.io/securesign/trillian-db:v1.5.2 | |
build-tsa: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote timestamp-authority repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/timestamp-authority | |
path: timestamp-authority | |
ref: v1.1.1 | |
- name: install ko | |
uses: imjasonh/setup-ko@v0.6 | |
env: | |
KO_DOCKER_REPO: quay.io/securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push tsa | |
run: | | |
cd timestamp-authority | |
KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko | |
build-netcat: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v2 | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build netcat | |
run: podman build -t quay.io/securesign/netcat:v1.0.0 -f netcat/Dockerfile | |
- name: push netcat | |
run: podman push quay.io/securesign/netcat:v1.0.0 |