This repository has been archived by the owner on Oct 3, 2023. It is now read-only.
Adjusted for new trillian Dockerfiles that are present in root #111
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Securesign Build and test | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| env: | |
| CGO_ENABLED: 0 | |
| PODMAN_VER: "v4.2.1" | |
| FULCIO_VER: "v1.4.0" | |
| TRILLIAN_VER: "redhat-v1.5.2" | |
| TRILLIAN_DB_VER: "redhat-v1.5.2" | |
| SCAFFOLDING_VER: "v0.6.4" | |
| NET_CAT_VER: "v1.0.0" | |
| TSA_VER: "redhat-v1.1.2" | |
| COSIGN_VER: "v2.1.1" | |
| REKOR_VER: "redhat-v1.2.2" | |
| jobs: | |
| build-fulcio: | |
| env: | |
| CGO_ENABLED: 1 # CGO is required for podman | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the remote fulcio repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: securesign/fulcio | |
| path: fulcio | |
| ref: release-next | |
| - name: login to registry.redhat.io | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.redhat.io | |
| username: ${{ secrets.RH_REGISTRY_USER }} | |
| password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: build and push fulcio | |
| run: | | |
| cd fulcio | |
| docker build -t quay.io/securesign/fulcio:${FULCIO_VER} . | |
| docker push quay.io/securesign/fulcio:${FULCIO_VER} | |
| build-rekor: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the remote rekor repository | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: securesign/rekor | |
| ref: ${{ env.REKOR_VER }} | |
| - name: login to registry.redhat.io | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.redhat.io | |
| username: ${{ secrets.RH_REGISTRY_USER }} | |
| password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
| - name: Install go | |
| uses: actions/setup-go@v3 | |
| with: | |
| go-version: "1.20.2" | |
| - name: Build rekor image | |
| id: build-image | |
| uses: redhat-actions/buildah-build@v2 | |
| with: | |
| image: securesign/rekor | |
| tags: ${{ env.REKOR_VER }} ${{ github.sha }} | |
| containerfiles: | | |
| ./Dockerfile | |
| - name: Push To quay.io | |
| id: push-to-quay | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| image: ${{ steps.build-image.outputs.image }} | |
| tags: ${{ steps.build-image.outputs.tags }} | |
| registry: quay.io/securesign | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Print image url | |
| run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | |
| build-scaffold: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the remote rekor repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: securesign/scaffolding | |
| path: scaffolding | |
| ref: ${{ env.SCAFFOLDING_VER }} | |
| - name: install ko | |
| uses: imjasonh/setup-ko@v0.6 | |
| env: | |
| KO_DOCKER_REPO: quay.io/securesign | |
| - name: login to registry.redhat.io | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.redhat.io | |
| username: ${{ secrets.RH_REGISTRY_USER }} | |
| password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: build and push scaffolding | |
| run: | | |
| cd scaffolding | |
| KO_DOCKER_REPO=quay.io/securesign KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve | |
| build-tuf: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the remote rekor repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: sabre1041/sigstore-scaffolding | |
| path: scaffolding | |
| ref: scaffolding-standalone | |
| - name: install ko | |
| uses: imjasonh/setup-ko@v0.6 | |
| env: | |
| KO_DOCKER_REPO: quay.io/securesign | |
| - name: login to registry.redhat.io | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.redhat.io | |
| username: ${{ secrets.RH_REGISTRY_USER }} | |
| password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: build and push scaffolding | |
| run: | | |
| cd scaffolding | |
| KO_DOCKER_REPO=quay.io/securesign/tuf KO_PREFIX=quay.io/securesign/tuf KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve | |
| build-trillian: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the remote trillian repository | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: securesign/trillian | |
| ref: release-next | |
| - name: login to registry.redhat.io | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.redhat.io | |
| username: ${{ secrets.RH_REGISTRY_USER }} | |
| password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: build and push trillian | |
| run: | | |
| podman build -t quay.io/securesign/trillian_log_server:${TRILLIAN_VER} . -f Dockerfile.logserver | |
| podman push quay.io/securesign/trillian_log_server:${TRILLIAN_VER} | |
| podman build -t quay.io/securesign/trillian_log_signer:${TRILLIAN_VER} . -f Dockerfile.logsigner | |
| podman push quay.io/securesign/trillian_log_signer:${TRILLIAN_VER} | |
| build-trillian-db: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the remote trillian repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: securesign/trillian | |
| path: trillian | |
| ref: ${{ env.TRILLIAN_DB_VER }} | |
| - name: pull down the securesign repo | |
| uses: actions/checkout@v2 | |
| with: | |
| path: securesign | |
| - name: login to registry.redhat.io | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.redhat.io | |
| username: ${{ secrets.RH_REGISTRY_USER }} | |
| password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: build and push trillian | |
| run: | | |
| cd trillian | |
| cp -rp ../securesign/trillian/* examples/deployment/docker/db_server/ | |
| podman build . --tag quay.io/securesign/trillian-db:${TRILLIAN_DB_VER} -f examples/deployment/docker/db_server/Dockerfile | |
| podman push quay.io/securesign/trillian-db:${TRILLIAN_DB_VER} | |
| build-tsa: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the remote timestamp-authority repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: securesign/timestamp-authority | |
| path: timestamp-authority | |
| ref: ${{ env.TSA_VER }} | |
| - name: login to registry.redhat.io | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.redhat.io | |
| username: ${{ secrets.RH_REGISTRY_USER }} | |
| password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Build tsa | |
| run: | | |
| cd timestamp-authority | |
| podman build . --tag quay.io/securesign/timestamp-server:${{ env.TSA_VER }} -f Dockerfile | |
| - name: Push tsa | |
| run: podman push quay.io/securesign/timestamp-server:${{ env.TSA_VER }} | |
| build-netcat: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the repository | |
| uses: actions/checkout@v2 | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: build netcat | |
| run: podman build -t quay.io/securesign/netcat:${NET_CAT_VER} -f netcat/Dockerfile | |
| - name: push netcat | |
| run: podman push quay.io/securesign/netcat:${NET_CAT_VER} | |
| build-cosign: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Check out the Cosign repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: securesign/cosign | |
| ref: ${{ env.COSIGN_VER }} | |
| - name: Pull down the securesign repo | |
| uses: actions/checkout@v2 | |
| with: | |
| path: securesign | |
| - name: Login to Quay | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: ${{ secrets.REGISTRY_USER }} | |
| password: ${{ secrets.REGISTRY_PASSWORD }} | |
| - name: Build Cosign | |
| run: | | |
| cp -rp ${{ github.workspace }}/securesign/cosign/* . | |
| podman build . --tag quay.io/securesign/cosign:${{ env.COSIGN_VER }} -f Dockerfile | |
| - name: Push Cosign | |
| run: podman push quay.io/securesign/cosign:${{ env.COSIGN_VER }} |