Skip to content
This repository has been archived by the owner on Oct 3, 2023. It is now read-only.
Securesign Build and test

feat: Version Environment Variables #71

Sign in to view logs

feat: Version Environment Variables

feat: Version Environment Variables #71

Workflow file for this run

.github/workflows/image-factory.yaml at 3737972
name: Securesign Build and test
on:
workflow_dispatch:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
CGO_ENABLED: 0
PODMAN_VER: v4.2.1
FULCIO_VER: v1.4.0
TRILLIAN_VER: v1.2.2
TRILLIAN_DB_VER: v1.5.2
SCAFFOLDING_VER: V0.6.4
NET_CAT_VER: v1.0.0
TSA_VER: v1.1.1
RUNS_ON: ubuntu-20.04
jobs:
build-fulcio:
env:
CGO_ENABLED: 1 # CGO is required for podman
runs-on: ${{ env.RUNS_ON }}

Check failure on line 26 in .github/workflows/image-factory.yaml

View workflow run for this annotation

GitHub Actions / Securesign Build and test

Invalid workflow file 

The workflow is not valid. .github/workflows/image-factory.yaml (Line: 26, Col: 14): Unrecognized named-value: 'env'. Located at position 1 within expression: env.RUNS_ON .github/workflows/image-factory.yaml (Line: 59, Col: 14): Unrecognized named-value: 'env'. Located at position 1 within expression: env.RUNS_ON
steps:
- name: Check out the remote fulcio repository
uses: actions/checkout@v2
with:
repository: securesign/fulcio
path: fulcio
ref: ${{ env.FULCIO_VER }}
- name: login to registry.redhat.io
uses: docker/login-action@v1
with:
registry: registry.redhat.io
username: ${{ secrets.RH_REGISTRY_USER }}
password: ${{ secrets.RH_REGISTRY_PASSWORD }}
- name: replace the fulcio build image
run: bash -c -- "sed -i 's#golang:1\.[0-9]*\.[0-9]*@sha256:[a-f0-9]*#registry.redhat.io/rhel9/go-toolset@sha256:113e69fdfa23b41ea82e5da2e4a5b13bca44713fe597ff862ef977a4a2fedda5#g' fulcio/Dockerfile"
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: build and push fulcio
run: |
cd fulcio
docker build -t quay.io/securesign/fulcio:${{ env.FULCIO_VER }} .
docker push quay.io/securesign/fulcio:${{ env.FULCIO_VER }}
build-rekor:
runs-on: ${{ env.RUNS_ON }}
steps:
- name: Check out the remote rekor repository
uses: actions/checkout@v3
with:
repository: securesign/rekor
ref: release-next
- name: login to registry.redhat.io
uses: docker/login-action@v1
with:
registry: registry.redhat.io
username: ${{ secrets.RH_REGISTRY_USER }}
password: ${{ secrets.RH_REGISTRY_PASSWORD }}
- name: Install go
uses: actions/setup-go@v3
with:
go-version: "1.20.2"
- name: Build rekor image
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: securesign/rekor
tags: latest ${{ github.sha }} release-next
containerfiles: |
./Dockerfile
- name: Push To quay.io
id: push-to-quay
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: quay.io/securesign
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Print image url
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"
build-scaffold:
runs-on: ${{ env.RUNS_ON }}
steps:
- name: Check out the remote rekor repository
uses: actions/checkout@v2
with:
repository: securesign/scaffolding
path: scaffolding
ref: $SCAFFOLDING_VER
- name: install ko
uses: imjasonh/setup-ko@v0.6
env:
KO_DOCKER_REPO: quay.io/securesign
- name: login to registry.redhat.io
uses: docker/login-action@v1
with:
registry: registry.redhat.io
username: ${{ secrets.RH_REGISTRY_USER }}
password: ${{ secrets.RH_REGISTRY_PASSWORD }}
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: build and push scaffolding
run: |
cd scaffolding
KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve
build-tuf:
runs-on: $RUNS_ON
steps:
- name: Check out the remote rekor repository
uses: actions/checkout@v2
with:
repository: sabre1041/sigstore-scaffolding
path: scaffolding
ref: scaffolding-standalone
- name: install ko
uses: imjasonh/setup-ko@v0.6
env:
KO_DOCKER_REPO: quay.io/securesign
- name: login to registry.redhat.io
uses: docker/login-action@v1
with:
registry: registry.redhat.io
username: ${{ secrets.RH_REGISTRY_USER }}
password: ${{ secrets.RH_REGISTRY_PASSWORD }}
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: build and push scaffolding
run: |
cd scaffolding
KO_DOCKER_REPO=quay.io/securesign/tuf KO_PREFIX=quay.io/securesign/tuf KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve
build-trillian:
runs-on: ${{ env.RUNS_ON }}
steps:
- name: Check out the remote rekor repository
uses: actions/checkout@v2
with:
repository: securesign/rekor
path: rekor
ref: ${{ env.TRILLIAN_VER }}
- name: install ko
uses: imjasonh/setup-ko@v0.6
env:
KO_DOCKER_REPO: quay.io/securesign
- name: login to registry.redhat.io
uses: docker/login-action@v1
with:
registry: registry.redhat.io
username: ${{ secrets.RH_REGISTRY_USER }}
password: ${{ secrets.RH_REGISTRY_PASSWORD }}
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: build and push trillian
run: |
cd rekor
KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-trillian
build-trillian-db:
runs-on: ${{ env.RUNS_ON }}
steps:
- name: Check out the remote trillian repository
uses: actions/checkout@v2
with:
repository: securesign/trillian
path: trillian
ref: ${{ env.TRILLIAN_DB_VER }}
- name: pull down the securesign repo
uses: actions/checkout@v2
with:
path: securesign
- name: login to registry.redhat.io
uses: docker/login-action@v1
with:
registry: registry.redhat.io
username: ${{ secrets.RH_REGISTRY_USER }}
password: ${{ secrets.RH_REGISTRY_PASSWORD }}
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: build and push trillian
run: |
cd trillian
cp -rp ../securesign/trillian/* examples/deployment/docker/db_server/
podman build . --tag quay.io/securesign/trillian-db:${{ env.TRILLIAN_DB_VER }} -f examples/deployment/docker/db_server/Dockerfile
podman push quay.io/securesign/trillian-db:${{ env.TRILLIAN_DB_VER }}
build-tsa:
runs-on: ${{ env.RUNS_ON }}
steps:
- name: Check out the remote timestamp-authority repository
uses: actions/checkout@v2
with:
repository: securesign/timestamp-authority
path: timestamp-authority
ref: ${{ env.TSA_VER }}
- name: install ko
uses: imjasonh/setup-ko@v0.6
env:
KO_DOCKER_REPO: quay.io/securesign
- name: login to registry.redhat.io
uses: docker/login-action@v1
with:
registry: registry.redhat.io
username: ${{ secrets.RH_REGISTRY_USER }}
password: ${{ secrets.RH_REGISTRY_PASSWORD }}
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: build and push tsa
run: |
cd timestamp-authority
KO_PREFIX=quay.io/securesign KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko
build-netcat:
runs-on: ${{ env.RUNS_ON }}
steps:
- name: Check out the repository
uses: actions/checkout@v2
- name: Login to Quay
uses: docker/login-action@v1
with:
registry: quay.io
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: build netcat
run: podman build -t quay.io/securesign/netcat:${{ env.NETCAT_VER }} -f netcat/Dockerfile
- name: push netcat
run: podman push quay.io/securesign/netcat:${{ env.NETCAT_VER }}