rancher
/
elemental-operator
mirror of https://github.com/rancher/elemental-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
elemental-operator/.github/workflows/docker-master.yaml

111 lines
4.2 KiB
YAML
Raw Permalink Blame History

name: Docker build and push on master
on:
push:
branches:
- main
env:
OPERATOR_REPO: quay.io/costoolkit/elemental-operator-ci
REGISTER_REPO: quay.io/costoolkit/elemental-register-ci
jobs:
docker:
runs-on: ubuntu-latest
permissions:
id-token: write # OIDC support.
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: cosign-installer
uses: sigstore/cosign-installer@v2.8.0
- name: Install the bom command
shell: bash
run: |
curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.3.0/bom-linux-amd64.tar.gz | tar xvz
sudo mv ./bom /usr/bin/bom
- name: Export tag
id: export_tag
run: |
git describe --abbrev=0 --tags
TAG=`git describe --abbrev=0 --tags 2>/dev/null || echo "v0.0.0"`
COMMITDATE=`date -d @$(git log -n1 --format="%at") "+%FT%TZ"`
echo "operator_tag=$TAG" >> $GITHUB_OUTPUT
echo "commit_date=$COMMITDATE" >> $GITHUB_OUTPUT
- name: Docker meta for operator master
id: meta-operator
uses: docker/metadata-action@v4.1.1
with:
images: |
${{ env.OPERATOR_REPO }}
tags: |
type=sha,format=short,prefix=${{ steps.export_tag.outputs.operator_tag }}-
type=raw,value=latest
- name: Docker meta for register master
id: meta-register
uses: docker/metadata-action@v4.1.1
with:
images: |
${{ env.REGISTER_REPO }}
tags: |
type=sha,format=short,prefix=${{ steps.export_tag.outputs.operator_tag }}-
type=raw,value=latest
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2.2.1
- name: Login to Quay
uses: docker/login-action@v2.1.0
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_TOKEN }}
- name: Build operator image
uses: docker/build-push-action@v3.2.0
with:
context: .
tags: ${{ steps.meta-operator.outputs.tags }}
labels: ${{ steps.meta-operator.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
target: elemental-operator
push: true
build-args: |
TAG=${{ steps.export_tag.outputs.operator_tag }}
COMMITDATE=${{ steps.export_tag.outputs.commit_date }}
COMMIT=${{ github.sha }}
- name: Build register image
uses: docker/build-push-action@v3.2.0
with:
context: .
tags: ${{ steps.meta-register.outputs.tags }}
labels: ${{ steps.meta-register.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
target: elemental-register
push: true
build-args: |
TAG=${{ steps.export_tag.outputs.operator_tag }}
COMMITDATE=${{ steps.export_tag.outputs.commit_date }}
COMMIT=${{ github.sha }}
- name: Create SBOM file
shell: bash
run: |
bom generate -o elemental-operator.spdx .
bom generate -o elemental-register.spdx .
- name: Attach SBOM file in the container image
shell: bash
run: |
set -e
cosign attach sbom --sbom elemental-operator.spdx "${{ env.OPERATOR_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7}"
cosign attach sbom --sbom elemental-operator.spdx "${{ env.OPERATOR_REPO }}:latest"
cosign attach sbom --sbom elemental-register.spdx "${{ env.REGISTER_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7}"
cosign attach sbom --sbom elemental-register.spdx "${{ env.REGISTER_REPO }}:latest"
- name: Sign images
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign ${{ env.OPERATOR_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7}
cosign sign ${{ env.OPERATOR_REPO }}:latest
cosign sign ${{ env.REGISTER_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7}
cosign sign ${{ env.REGISTER_REPO }}:latest
Reference in New Issue View Git Blame Copy Permalink