This repository has been archived by the owner on Oct 3, 2023. It is now read-only.
add build-rekor-cli job #122
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Securesign Build and test | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
env: | |
CGO_ENABLED: 0 | |
PODMAN_VER: "v4.2.1" | |
FULCIO_VER: "v1.4.0" | |
TRILLIAN_VER: "redhat-v1.5.2" | |
TRILLIAN_DB_VER: "redhat-v1.5.2" | |
SCAFFOLDING_VER: "redhat-v0.6.5" | |
NET_CAT_VER: "v1.0.0" | |
TSA_VER: "redhat-v1.1.2" | |
COSIGN_VER: "redhat-v2.1.1" | |
REKOR_VER: "redhat-v1.2.2" | |
jobs: | |
build-fulcio: | |
env: | |
CGO_ENABLED: 1 # CGO is required for podman | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote fulcio repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/fulcio | |
path: fulcio | |
ref: release-next | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push fulcio | |
run: | | |
cd fulcio | |
docker build -t quay.io/securesign/fulcio:${FULCIO_VER} . | |
docker push quay.io/securesign/fulcio:${FULCIO_VER} | |
build-rekor: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote rekor repository | |
uses: actions/checkout@v3 | |
with: | |
repository: securesign/rekor | |
ref: ${{ env.REKOR_VER }} | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Install go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: "1.20.2" | |
- name: Build rekor image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: securesign/rekor | |
tags: ${{ env.REKOR_VER }} ${{ github.sha }} | |
containerfiles: | | |
./Dockerfile | |
- name: Push To quay.io | |
id: push-to-quay | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: quay.io/securesign | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Print image url | |
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | |
build-scaffold: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote scaffolding repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/scaffolding | |
path: scaffolding | |
ref: ${{ env.SCAFFOLDING_VER }} | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push scaffolding | |
run: | | |
cd scaffolding | |
podman build -t quay.io/securesign/cloudsqlproxy:${SCAFFOLDING_VER} . -f Dockerfile.cloudsqlproxy | |
podman push quay.io/securesign/cloudsqlproxy:${SCAFFOLDING_VER} | |
podman build -t quay.io/securesign/createcerts:${SCAFFOLDING_VER} . -f Dockerfile.createcerts | |
podman push quay.io/securesign/createcerts:${SCAFFOLDING_VER} | |
podman build -t quay.io/securesign/createctconfig:${SCAFFOLDING_VER} . -f Dockerfile.createctconfig | |
podman push quay.io/securesign/createctconfig:${SCAFFOLDING_VER} | |
podman build -t quay.io/securesign/createdb:${SCAFFOLDING_VER} . -f Dockerfile.createdb | |
podman push quay.io/securesign/createdb:${SCAFFOLDING_VER} | |
podman build -t quay.io/securesign/createtree:${SCAFFOLDING_VER} . -f Dockerfile.createtree | |
podman push quay.io/securesign/createcerts:${SCAFFOLDING_VER} | |
podman build -t quay.io/securesign/tuf/server:${SCAFFOLDING_VER} . -f Dockerfile.tuf-server | |
podman push quay.io/securesign/tuf/server:${SCAFFOLDING_VER} | |
build-tuf: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote rekor repository | |
uses: actions/checkout@v2 | |
with: | |
repository: sabre1041/sigstore-scaffolding | |
path: scaffolding | |
ref: scaffolding-standalone | |
- name: install ko | |
uses: imjasonh/setup-ko@v0.6 | |
env: | |
KO_DOCKER_REPO: quay.io/securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push scaffolding | |
run: | | |
cd scaffolding | |
KO_DOCKER_REPO=quay.io/securesign/tuf KO_PREFIX=quay.io/securesign/tuf KO_DEFAULTBASEIMAGE=registry.access.redhat.com/ubi9/ubi-micro make ko-resolve | |
build-trillian: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote trillian repository | |
uses: actions/checkout@v3 | |
with: | |
repository: securesign/trillian | |
ref: release-next | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push trillian | |
run: | | |
podman build -t quay.io/securesign/trillian_log_server:${TRILLIAN_VER} . -f Dockerfile.logserver | |
podman push quay.io/securesign/trillian_log_server:${TRILLIAN_VER} | |
podman build -t quay.io/securesign/trillian_log_signer:${TRILLIAN_VER} . -f Dockerfile.logsigner | |
podman push quay.io/securesign/trillian_log_signer:${TRILLIAN_VER} | |
build-trillian-db: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote trillian repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/trillian | |
path: trillian | |
ref: ${{ env.TRILLIAN_DB_VER }} | |
- name: pull down the securesign repo | |
uses: actions/checkout@v2 | |
with: | |
path: securesign | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build and push trillian | |
run: | | |
cd trillian | |
cp -rp ../securesign/trillian/* examples/deployment/docker/db_server/ | |
podman build . --tag quay.io/securesign/trillian-db:${TRILLIAN_DB_VER} -f examples/deployment/docker/db_server/Dockerfile | |
podman push quay.io/securesign/trillian-db:${TRILLIAN_DB_VER} | |
build-tsa: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the remote timestamp-authority repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/timestamp-authority | |
path: timestamp-authority | |
ref: ${{ env.TSA_VER }} | |
- name: login to registry.redhat.io | |
uses: docker/login-action@v1 | |
with: | |
registry: registry.redhat.io | |
username: ${{ secrets.RH_REGISTRY_USER }} | |
password: ${{ secrets.RH_REGISTRY_PASSWORD }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Build tsa | |
run: | | |
cd timestamp-authority | |
podman build . --tag quay.io/securesign/timestamp-server:${{ env.TSA_VER }} -f Dockerfile | |
- name: Push tsa | |
run: podman push quay.io/securesign/timestamp-server:${{ env.TSA_VER }} | |
build-netcat: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the repository | |
uses: actions/checkout@v2 | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: build netcat | |
run: podman build -t quay.io/securesign/netcat:${NET_CAT_VER} -f netcat/Dockerfile | |
- name: push netcat | |
run: podman push quay.io/securesign/netcat:${NET_CAT_VER} | |
build-cosign: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the Cosign repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/cosign | |
ref: ${{ env.COSIGN_VER }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Build Cosign | |
run: podman build . --tag quay.io/securesign/cosign:${{ env.COSIGN_VER }} -f Dockerfile | |
- name: Push Cosign | |
run: podman push quay.io/securesign/cosign:${{ env.COSIGN_VER }} | |
build-rekor-cli: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out the rekor repository | |
uses: actions/checkout@v2 | |
with: | |
repository: securesign/rekor | |
ref: ${{ env.REKOR_VER }} | |
- name: Login to Quay | |
uses: docker/login-action@v1 | |
with: | |
registry: quay.io | |
username: ${{ secrets.REGISTRY_USER }} | |
password: ${{ secrets.REGISTRY_PASSWORD }} | |
- name: Build rekor-cli | |
run: podman build . --tag quay.io/securesign/rekor-cli:${{ env.REKOR_VER }} -f Dockerfile.cli | |
- name: Push rekor-cli | |
run: podman push quay.io/securesign/rekor-cli:${{ env.REKOR_VER }} |