Merge pull request #202 from kubescape/fix-authority-parse #2

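# Hotfix build pipeline: run the unit tests, build and push the multi-arch
# kubevuln image to quay.io, sign it with cosign (keyless and key-based),
# verify the key-based signature, then publish a GitHub release for the tag.
name: build
on:
  push:
    branches:
      - 'v0.2.139-hotfix'
    paths-ignore:
      # Do not run when only Markdown files (e.g. the README) changed.
      - '**.md'
      # Do not run when only files under .github/workflows/ changed.
      - '.github/workflows/*'
jobs:
  docker-build:
    runs-on: ubuntu-latest
    permissions:
      # OIDC token for the runner; used by the keyless `cosign sign` below.
      id-token: write
      packages: write
      # NOTE(review): the "Create Release" step at the end of this job uses
      # GITHUB_TOKEN; creating a release normally needs `contents: write`,
      # so it presumably fails with read-only access. Confirm, and if the
      # permission is needed prefer moving the release into its own job
      # over widening the token for the build and signing steps.
      contents: read
      pull-requests: read
    steps:
      # NOTE(review): every third-party action in this job is referenced by
      # a mutable tag or branch. This job holds registry credentials and the
      # signing key, so pinning each `uses:` to a full commit SHA keeps the
      # code that can read those secrets from changing without review.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # submodules: recursive
      - name: Installing go
        uses: actions/setup-go@v4
        with:
          # Quoted so YAML keeps the version a string instead of a float.
          go-version: '1.21'
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      # NOTE(review): no later step in this workflow reads this output, and
      # v0.1.70-hotfix differs from the v0.2.139-hotfix tag used everywhere
      # else. Looks like a leftover; confirm before relying on it.
      - name: Set prerelease image tag
        id: image-prerelease-tag
        run: echo "IMAGE_TAG_PRERELEASE=v0.1.70-hotfix" >> "$GITHUB_OUTPUT"
      - name: Run unit test
        id: unit-test
        run: go test -v ./...
      - name: Login to Quay
        uses: docker/login-action@v2
        with:
          registry: quay.io
          username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
          password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
      - name: Build and push
        # The id exposes the pushed manifest digest to the signing step.
        id: build-push
        uses: docker/build-push-action@v3
        with:
          context: .
          file: build/Dockerfile
          tags: quay.io/kubescape/kubevuln:v0.2.139-hotfix
          build-args: image_version=v0.2.139-hotfix
          platforms: linux/amd64,linux/arm64
          cache-from: type=gha
          cache-to: type=gha,mode=max
          push: true
      # NOTE(review): `@main` follows a moving branch, so the installer code
      # that runs right before the signing step can change between runs.
      # Pin it, e.g. sigstore/cosign-installer@<COMMIT_SHA> (placeholder).
      - name: Install cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v2.2.2'
      - name: sign kubescape container image
        env:
          # NOTE(review): presumably a leftover from cosign 1.x keyless
          # mode; confirm it is still needed with the v2.2.2 release.
          COSIGN_EXPERIMENTAL: "true"
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY_V1 }}
          COSIGN_PRIVATE_KEY_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_V1_PASSWORD }}
          COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY_V1 }}
          # Sign and verify by digest, not by tag: a tag is mutable, so a
          # signature requested for the tag covers whatever it points to at
          # signing time, which need not be the image this job just pushed.
          IMAGE_REF: quay.io/kubescape/kubevuln@${{ steps.build-push.outputs.digest }}
        run: |
          # Key files are written into the workspace: make them owner-only
          # and remove them even when a cosign command fails part-way.
          umask 077
          trap 'rm -f cosign.key cosign.pub' EXIT
          # Sign the image with keyless mode
          cosign sign -y "$IMAGE_REF"
          # Sign the image with key for verifier clients without keyless support
          # Put the key from environment variable to a file
          printf '%s\n' "$COSIGN_PRIVATE_KEY" > cosign.key
          # '%s' keeps a password containing % or \ from being read as a
          # printf format string.
          printf '%s' "$COSIGN_PRIVATE_KEY_PASSWORD" | cosign sign --key cosign.key -y "$IMAGE_REF"
          rm -f cosign.key
          # Verify the image
          printf '%s\n' "$COSIGN_PUBLIC_KEY" > cosign.pub
          cosign verify --key cosign.pub "$IMAGE_REF"
      # NOTE(review): the action reference below was mangled by the page's
      # e-mail obfuscation (an `owner/repo@version` ref rendered as an
      # address). Restore the real ref from the repository before use.
      - name: Create Release
        id: create_release
        uses: ncipollo/[email protected]
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          tag: v0.2.139-hotfix
          name: Release v0.2.139-hotfix
          draft: false
          prerelease: false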