github actions: add airgap scrip test #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker build and push on master | |
on: | |
push: | |
branches: | |
- main | |
env: | |
OPERATOR_REPO: quay.io/costoolkit/elemental-operator-ci | |
REGISTER_REPO: quay.io/costoolkit/elemental-register-ci | |
jobs: | |
docker: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write # OIDC support. | |
contents: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: cosign-installer | |
uses: sigstore/[email protected] | |
- name: Install the bom command | |
shell: bash | |
run: | | |
curl -L https://github.com/kubernetes-sigs/bom/releases/download/v0.3.0/bom-linux-amd64.tar.gz | tar xvz | |
sudo mv ./bom /usr/bin/bom | |
- name: Export tag | |
id: export_tag | |
run: | | |
git describe --abbrev=0 --tags | |
TAG=`git describe --abbrev=0 --tags 2>/dev/null || echo "v0.0.0"` | |
COMMITDATE=`date -d @$(git log -n1 --format="%at") "+%FT%TZ"` | |
echo "operator_tag=$TAG" >> $GITHUB_OUTPUT | |
echo "commit_date=$COMMITDATE" >> $GITHUB_OUTPUT | |
- name: Docker meta for operator master | |
id: meta-operator | |
uses: docker/[email protected] | |
with: | |
images: | | |
${{ env.OPERATOR_REPO }} | |
tags: | | |
type=sha,format=short,prefix=${{ steps.export_tag.outputs.operator_tag }}- | |
type=raw,value=latest | |
- name: Docker meta for register master | |
id: meta-register | |
uses: docker/[email protected] | |
with: | |
images: | | |
${{ env.REGISTER_REPO }} | |
tags: | | |
type=sha,format=short,prefix=${{ steps.export_tag.outputs.operator_tag }}- | |
type=raw,value=latest | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/[email protected] | |
- name: Login to Quay | |
uses: docker/[email protected] | |
with: | |
registry: quay.io | |
username: ${{ secrets.QUAY_USERNAME }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
- name: Build operator image | |
uses: docker/[email protected] | |
with: | |
context: . | |
tags: ${{ steps.meta-operator.outputs.tags }} | |
labels: ${{ steps.meta-operator.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
target: elemental-operator | |
push: true | |
build-args: | | |
TAG=${{ steps.export_tag.outputs.operator_tag }} | |
COMMITDATE=${{ steps.export_tag.outputs.commit_date }} | |
COMMIT=${{ github.sha }} | |
- name: Build register image | |
uses: docker/[email protected] | |
with: | |
context: . | |
tags: ${{ steps.meta-register.outputs.tags }} | |
labels: ${{ steps.meta-register.outputs.labels }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
target: elemental-register | |
push: true | |
build-args: | | |
TAG=${{ steps.export_tag.outputs.operator_tag }} | |
COMMITDATE=${{ steps.export_tag.outputs.commit_date }} | |
COMMIT=${{ github.sha }} | |
- name: Create SBOM file | |
shell: bash | |
run: | | |
bom generate -o elemental-operator.spdx . | |
bom generate -o elemental-register.spdx . | |
- name: Attach SBOM file in the container image | |
shell: bash | |
run: | | |
set -e | |
cosign attach sbom --sbom elemental-operator.spdx "${{ env.OPERATOR_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7}" | |
cosign attach sbom --sbom elemental-operator.spdx "${{ env.OPERATOR_REPO }}:latest" | |
cosign attach sbom --sbom elemental-register.spdx "${{ env.REGISTER_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7}" | |
cosign attach sbom --sbom elemental-register.spdx "${{ env.REGISTER_REPO }}:latest" | |
- name: Sign images | |
env: | |
COSIGN_EXPERIMENTAL: 1 | |
run: | | |
cosign sign ${{ env.OPERATOR_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7} | |
cosign sign ${{ env.OPERATOR_REPO }}:latest | |
cosign sign ${{ env.REGISTER_REPO }}:${{ steps.export_tag.outputs.operator_tag }}-${GITHUB_SHA::7} | |
cosign sign ${{ env.REGISTER_REPO }}:latest |