This repository has been archived by the owner on Oct 3, 2023. It is now read-only.

add build-rekor-cli job #122

Workflow file for this run

.github/workflows/image-factory.yaml at 5986c9a

	name: Securesign Build and test

	on:
	workflow_dispatch:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]

	env:
	CGO_ENABLED: 0
	PODMAN_VER: "v4.2.1"
	FULCIO_VER: "v1.4.0"
	TRILLIAN_VER: "redhat-v1.5.2"
	TRILLIAN_DB_VER: "redhat-v1.5.2"
	SCAFFOLDING_VER: "redhat-v0.6.5"
	NET_CAT_VER: "v1.0.0"
	TSA_VER: "redhat-v1.1.2"
	COSIGN_VER: "redhat-v2.1.1"
	REKOR_VER: "redhat-v1.2.2"

	jobs:

	build-fulcio:
	env:
	CGO_ENABLED: 1 # CGO is required for podman
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote fulcio repository
	uses: actions/checkout@v2
	with:
	repository: securesign/fulcio
	path: fulcio
	ref: release-next

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push fulcio
	run: \|
	cd fulcio
	docker build -t quay.io/securesign/fulcio:${FULCIO_VER} .
	docker push quay.io/securesign/fulcio:${FULCIO_VER}

	build-rekor:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote rekor repository
	uses: actions/checkout@v3
	with:
	repository: securesign/rekor
	ref: ${{ env.REKOR_VER }}

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Install go
	uses: actions/setup-go@v3
	with:
	go-version: "1.20.2"

	- name: Build rekor image
	id: build-image
	uses: redhat-actions/buildah-build@v2
	with:
	image: securesign/rekor
	tags: ${{ env.REKOR_VER }} ${{ github.sha }}
	containerfiles: \|
	./Dockerfile

	- name: Push To quay.io
	id: push-to-quay
	uses: redhat-actions/push-to-registry@v2
	with:
	image: ${{ steps.build-image.outputs.image }}
	tags: ${{ steps.build-image.outputs.tags }}
	registry: quay.io/securesign
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: Print image url
	run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}"

	build-scaffold:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote scaffolding repository
	uses: actions/checkout@v2
	with:
	repository: securesign/scaffolding
	path: scaffolding
	ref: ${{ env.SCAFFOLDING_VER }}

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push scaffolding
	run: \|
	cd scaffolding
	podman build -t quay.io/securesign/cloudsqlproxy:${SCAFFOLDING_VER} . -f Dockerfile.cloudsqlproxy
	podman push quay.io/securesign/cloudsqlproxy:${SCAFFOLDING_VER}
	podman build -t quay.io/securesign/createcerts:${SCAFFOLDING_VER} . -f Dockerfile.createcerts
	podman push quay.io/securesign/createcerts:${SCAFFOLDING_VER}
	podman build -t quay.io/securesign/createctconfig:${SCAFFOLDING_VER} . -f Dockerfile.createctconfig
	podman push quay.io/securesign/createctconfig:${SCAFFOLDING_VER}
	podman build -t quay.io/securesign/createdb:${SCAFFOLDING_VER} . -f Dockerfile.createdb
	podman push quay.io/securesign/createdb:${SCAFFOLDING_VER}
	podman build -t quay.io/securesign/createtree:${SCAFFOLDING_VER} . -f Dockerfile.createtree
	podman push quay.io/securesign/createcerts:${SCAFFOLDING_VER}
	podman build -t quay.io/securesign/tuf/server:${SCAFFOLDING_VER} . -f Dockerfile.tuf-server
	podman push quay.io/securesign/tuf/server:${SCAFFOLDING_VER}



	build-tuf:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote rekor repository
	uses: actions/checkout@v2
	with:
	repository: sabre1041/sigstore-scaffolding
	path: scaffolding
	ref: scaffolding-standalone

	- name: install ko
	uses: imjasonh/setup-ko@v0.6
	env:
	KO_DOCKER_REPO: quay.io/securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push scaffolding
	run: \|
	cd scaffolding
	KO_DOCKER_REPO=quay.io/securesign/tuf KO_PREFIX=quay.io/securesign/tuf KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve

	build-trillian:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote trillian repository
	uses: actions/checkout@v3
	with:
	repository: securesign/trillian
	ref: release-next

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push trillian
	run: \|
	podman build -t quay.io/securesign/trillian_log_server:${TRILLIAN_VER} . -f Dockerfile.logserver
	podman push quay.io/securesign/trillian_log_server:${TRILLIAN_VER}
	podman build -t quay.io/securesign/trillian_log_signer:${TRILLIAN_VER} . -f Dockerfile.logsigner
	podman push quay.io/securesign/trillian_log_signer:${TRILLIAN_VER}

	build-trillian-db:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote trillian repository
	uses: actions/checkout@v2
	with:
	repository: securesign/trillian
	path: trillian
	ref: ${{ env.TRILLIAN_DB_VER }}

	- name: pull down the securesign repo
	uses: actions/checkout@v2
	with:
	path: securesign

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build and push trillian
	run: \|
	cd trillian
	cp -rp ../securesign/trillian/* examples/deployment/docker/db_server/
	podman build . --tag quay.io/securesign/trillian-db:${TRILLIAN_DB_VER} -f examples/deployment/docker/db_server/Dockerfile
	podman push quay.io/securesign/trillian-db:${TRILLIAN_DB_VER}

	build-tsa:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the remote timestamp-authority repository
	uses: actions/checkout@v2
	with:
	repository: securesign/timestamp-authority
	path: timestamp-authority
	ref: ${{ env.TSA_VER }}

	- name: login to registry.redhat.io
	uses: docker/login-action@v1
	with:
	registry: registry.redhat.io
	username: ${{ secrets.RH_REGISTRY_USER }}
	password: ${{ secrets.RH_REGISTRY_PASSWORD }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: Build tsa
	run: \|
	cd timestamp-authority
	podman build . --tag quay.io/securesign/timestamp-server:${{ env.TSA_VER }} -f Dockerfile

	- name: Push tsa
	run: podman push quay.io/securesign/timestamp-server:${{ env.TSA_VER }}


	build-netcat:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the repository
	uses: actions/checkout@v2

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: build netcat
	run: podman build -t quay.io/securesign/netcat:${NET_CAT_VER} -f netcat/Dockerfile

	- name: push netcat
	run: podman push quay.io/securesign/netcat:${NET_CAT_VER}

	build-cosign:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the Cosign repository
	uses: actions/checkout@v2
	with:
	repository: securesign/cosign
	ref: ${{ env.COSIGN_VER }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: Build Cosign
	run: podman build . --tag quay.io/securesign/cosign:${{ env.COSIGN_VER }} -f Dockerfile

	- name: Push Cosign
	run: podman push quay.io/securesign/cosign:${{ env.COSIGN_VER }}

	build-rekor-cli:
	runs-on: ubuntu-20.04
	steps:
	- name: Check out the rekor repository
	uses: actions/checkout@v2
	with:
	repository: securesign/rekor
	ref: ${{ env.REKOR_VER }}

	- name: Login to Quay
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: ${{ secrets.REGISTRY_USER }}
	password: ${{ secrets.REGISTRY_PASSWORD }}

	- name: Build rekor-cli
	run: podman build . --tag quay.io/securesign/rekor-cli:${{ env.REKOR_VER }} -f Dockerfile.cli

	- name: Push rekor-cli
	run: podman push quay.io/securesign/rekor-cli:${{ env.REKOR_VER }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add build-rekor-cli job #122

Workflow file

add build-rekor-cli job #122

Jobs

Run details

Workflow file for this run