This repository has been archived by the owner on Oct 3, 2023. It is now read-only.
feat: Version Environment Variables #71
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Securesign Build and test | ||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: [ main ] | ||
pull_request: | ||
branches: [ main ] | ||
env: | ||
CGO_ENABLED: 0 | ||
PODMAN_VER: v4.2.1 | ||
FULCIO_VER: v1.4.0 | ||
TRILLIAN_VER: v1.2.2 | ||
TRILLIAN_DB_VER: v1.5.2 | ||
SCAFFOLDING_VER: V0.6.4 | ||
NET_CAT_VER: v1.0.0 | ||
TSA_VER: v1.1.1 | ||
RUNS_ON: ubuntu-20.04 | ||
jobs: | ||
build-fulcio: | ||
env: | ||
CGO_ENABLED: 1 # CGO is required for podman | ||
runs-on: ${{ env.RUNS_ON }} | ||
Check failure on line 26 in .github/workflows/image-factory.yaml GitHub Actions / Securesign Build and testInvalid workflow file
|
||
steps: | ||
- name: Check out the remote fulcio repository | ||
uses: actions/checkout@v2 | ||
with: | ||
repository: securesign/fulcio | ||
path: fulcio | ||
ref: ${{ env.FULCIO_VER }} | ||
- name: login to registry.redhat.io | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: registry.redhat.io | ||
username: ${{ secrets.RH_REGISTRY_USER }} | ||
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | ||
- name: replace the fulcio build image | ||
run: bash -c -- "sed -i 's#golang:1\.[0-9]*\.[0-9]*@sha256:[a-f0-9]*#registry.redhat.io/rhel9/go-toolset@sha256:113e69fdfa23b41ea82e5da2e4a5b13bca44713fe597ff862ef977a4a2fedda5#g' fulcio/Dockerfile" | ||
- name: Login to Quay | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: build and push fulcio | ||
run: | | ||
cd fulcio | ||
docker build -t quay.io/securesign/fulcio:${{ env.FULCIO_VER }} . | ||
docker push quay.io/securesign/fulcio:${{ env.FULCIO_VER }} | ||
build-rekor: | ||
runs-on: ${{ env.RUNS_ON }} | ||
steps: | ||
- name: Check out the remote rekor repository | ||
uses: actions/checkout@v3 | ||
with: | ||
repository: securesign/rekor | ||
ref: release-next | ||
- name: login to registry.redhat.io | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: registry.redhat.io | ||
username: ${{ secrets.RH_REGISTRY_USER }} | ||
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | ||
- name: Install go | ||
uses: actions/setup-go@v3 | ||
with: | ||
go-version: "1.20.2" | ||
- name: Build rekor image | ||
id: build-image | ||
uses: redhat-actions/buildah-build@v2 | ||
with: | ||
image: securesign/rekor | ||
tags: latest ${{ github.sha }} release-next | ||
containerfiles: | | ||
./Dockerfile | ||
- name: Push To quay.io | ||
id: push-to-quay | ||
uses: redhat-actions/push-to-registry@v2 | ||
with: | ||
image: ${{ steps.build-image.outputs.image }} | ||
tags: ${{ steps.build-image.outputs.tags }} | ||
registry: quay.io/securesign | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: Print image url | ||
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | ||
build-scaffold: | ||
runs-on: ${{ env.RUNS_ON }} | ||
steps: | ||
- name: Check out the remote rekor repository | ||
uses: actions/checkout@v2 | ||
with: | ||
repository: securesign/scaffolding | ||
path: scaffolding | ||
ref: $SCAFFOLDING_VER | ||
- name: install ko | ||
uses: imjasonh/setup-ko@v0.6 | ||
env: | ||
KO_DOCKER_REPO: quay.io/securesign | ||
- name: login to registry.redhat.io | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: registry.redhat.io | ||
username: ${{ secrets.RH_REGISTRY_USER }} | ||
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | ||
- name: Login to Quay | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: build and push scaffolding | ||
run: | | ||
cd scaffolding | ||
KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve | ||
build-tuf: | ||
runs-on: $RUNS_ON | ||
steps: | ||
- name: Check out the remote rekor repository | ||
uses: actions/checkout@v2 | ||
with: | ||
repository: sabre1041/sigstore-scaffolding | ||
path: scaffolding | ||
ref: scaffolding-standalone | ||
- name: install ko | ||
uses: imjasonh/setup-ko@v0.6 | ||
env: | ||
KO_DOCKER_REPO: quay.io/securesign | ||
- name: login to registry.redhat.io | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: registry.redhat.io | ||
username: ${{ secrets.RH_REGISTRY_USER }} | ||
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | ||
- name: Login to Quay | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: build and push scaffolding | ||
run: | | ||
cd scaffolding | ||
KO_DOCKER_REPO=quay.io/securesign/tuf KO_PREFIX=quay.io/securesign/tuf KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve | ||
build-trillian: | ||
runs-on: ${{ env.RUNS_ON }} | ||
steps: | ||
- name: Check out the remote rekor repository | ||
uses: actions/checkout@v2 | ||
with: | ||
repository: securesign/rekor | ||
path: rekor | ||
ref: ${{ env.TRILLIAN_VER }} | ||
- name: install ko | ||
uses: imjasonh/setup-ko@v0.6 | ||
env: | ||
KO_DOCKER_REPO: quay.io/securesign | ||
- name: login to registry.redhat.io | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: registry.redhat.io | ||
username: ${{ secrets.RH_REGISTRY_USER }} | ||
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | ||
- name: Login to Quay | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: build and push trillian | ||
run: | | ||
cd rekor | ||
KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-trillian | ||
build-trillian-db: | ||
runs-on: ${{ env.RUNS_ON }} | ||
steps: | ||
- name: Check out the remote trillian repository | ||
uses: actions/checkout@v2 | ||
with: | ||
repository: securesign/trillian | ||
path: trillian | ||
ref: ${{ env.TRILLIAN_DB_VER }} | ||
- name: pull down the securesign repo | ||
uses: actions/checkout@v2 | ||
with: | ||
path: securesign | ||
- name: login to registry.redhat.io | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: registry.redhat.io | ||
username: ${{ secrets.RH_REGISTRY_USER }} | ||
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | ||
- name: Login to Quay | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: build and push trillian | ||
run: | | ||
cd trillian | ||
cp -rp ../securesign/trillian/* examples/deployment/docker/db_server/ | ||
podman build . --tag quay.io/securesign/trillian-db:${{ env.TRILLIAN_DB_VER }} -f examples/deployment/docker/db_server/Dockerfile | ||
podman push quay.io/securesign/trillian-db:${{ env.TRILLIAN_DB_VER }} | ||
build-tsa: | ||
runs-on: ${{ env.RUNS_ON }} | ||
steps: | ||
- name: Check out the remote timestamp-authority repository | ||
uses: actions/checkout@v2 | ||
with: | ||
repository: securesign/timestamp-authority | ||
path: timestamp-authority | ||
ref: ${{ env.TSA_VER }} | ||
- name: install ko | ||
uses: imjasonh/setup-ko@v0.6 | ||
env: | ||
KO_DOCKER_REPO: quay.io/securesign | ||
- name: login to registry.redhat.io | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: registry.redhat.io | ||
username: ${{ secrets.RH_REGISTRY_USER }} | ||
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | ||
- name: Login to Quay | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: build and push tsa | ||
run: | | ||
cd timestamp-authority | ||
KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko | ||
build-netcat: | ||
runs-on: ${{ env.RUNS_ON }} | ||
steps: | ||
- name: Check out the repository | ||
uses: actions/checkout@v2 | ||
- name: Login to Quay | ||
uses: docker/login-action@v1 | ||
with: | ||
registry: quay.io | ||
username: ${{ secrets.REGISTRY_USER }} | ||
password: ${{ secrets.REGISTRY_PASSWORD }} | ||
- name: build netcat | ||
run: podman build -t quay.io/securesign/netcat:${{ env.NETCAT_VER }} -f netcat/Dockerfile | ||
- name: push netcat | ||
run: podman push quay.io/securesign/netcat:${{ env.NETCAT_VER }} |