Skip to content

Commit

Permalink
add publish image workflow
Browse files Browse the repository at this point in the history
Signed-off-by: Batuhan Apaydın <[email protected]>
  • Loading branch information
developer-guy committed Jan 24, 2023
1 parent b324861 commit 545f16b
Show file tree
Hide file tree
Showing 4 changed files with 56 additions and 2 deletions.
47 changes: 47 additions & 0 deletions .github/workflows/image.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: image

on:
workflow_dispatch:
release:
types: [created]

permissions:
contents: read
packages: write
id-token: write

jobs:
image:
runs-on: ubuntu-latest
outputs:
commit-date: ${{ steps.ldflags.outputs.commit-date }}
commit: ${{ steps.ldflags.outputs.commit }}
version: ${{ steps.ldflags.outputs.version }}
tree-state: ${{ steps.ldflags.outputs.tree-state }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- uses: sigstore/[email protected]
- uses: ko-build/[email protected]
- id: ldflags
run: |
echo "commit-date=$(git log --date=iso8601-strict -1 --pretty=%ct)" >> "$GITHUB_OUTPUT"
echo "commit=$GITHUB_SHA" >> "$GITHUB_OUTPUT"
echo "version=$(git describe --tags --always --dirty | cut -c2-)" >> "$GITHUB_OUTPUT"
echo "tree-state=$(if git diff --quiet; then echo "clean"; else echo "dirty"; fi)" >> "$GITHUB_OUTPUT"
- name: Publish and sign image
env:
KO_DOCKER_REPO: ghcr.io/${{ github.repository }}
COSIGN_EXPERIMENTAL: 'true'
run: |
export LDGLAGS="-X main.Version=${{needs.args.outputs.version}} -X main.Commit=${{needs.args.outputs.commit}} -X main.CommitDate=${{needs.args.outputs.commit-date}} -X main.TreeState=${{needs.args.outputs.tree-state}}"
echo "${{ github.token }}" | ko login ghcr.io --username "${{ github.actor }}" --password-stdin
img=$(ko build --bare --platform=all -t latest -t ${{ github.sha }} ./cmd/sbom-scorecard)
echo "built ${img}"
cosign sign ${img} \
-a sha=${{ github.sha }} \
-a run_id=${{ github.run_id }} \
-a run_attempt=${{ github.run_attempt }}
6 changes: 6 additions & 0 deletions .ko.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
baseImageOverride: cgr.dev/chainguard/static:latest

builds:
- id: sbom-scorecard
ldflags:
- "{{ .Env.LDFLAGS }}"
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb // indirect
github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect
github.com/spf13/pflag v1.0.5 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
Expand Down
3 changes: 2 additions & 1 deletion go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,9 @@ github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLf
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb h1:bLo8hvc8XFm9J47r690TUKBzcjSWdJDxmjXJZ+/f92U=
github.com/spdx/gordf v0.0.0-20201111095634-7098f93598fb/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 h1:dArkMwZ7Mf2JiU8OfdmqIv8QaHT4oyifLIe1UhsF1SY=
github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89/go.mod h1:uKWaldnbMnjsSAXRurWqqrdyZen1R7kxl8TkmWk2OyM=
github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342 h1:6uvaOTv4GeRqQV6O1/znbpziqhctMRLTy3OGeZrNMic=
github.com/spdx/tools-golang v0.3.1-0.20221108182156-8a01147e6342/go.mod h1:VHzvNsKAfAGqs4ZvwRL+7a0dNsL20s7lGui4K9C0xQM=
github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
Expand Down

0 comments on commit 545f16b

Please sign in to comment.