docs: note for current status of maintainers (#725) #185

Summary
Jobs
- productive
- debug
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/build-image.yaml at 4d96e60

	name: docker-image

	on:
	push:
	branches: [ main ]
	tags: 'v*'
	release:
	types: [published]

	jobs:
	productive:
	environment: registry
	timeout-minutes: 30
	runs-on: ubuntu-latest
	steps:
	-
	name: Checkout Repo
	uses: actions/checkout@v3
	-
	name: Build registry path
	id: get_repo
	run: echo ::set-output name=IMAGE::"ghcr.io/international-data-spaces-association/dataspace-connector"
	-
	name: Find tag
	id: get_tag
	run: \|
	echo ${GITHUB_REF#refs/tags/}
	echo ::set-output name=TAG::${GITHUB_REF#refs/tags/}
	if: startsWith(github.ref, 'refs/tags')
	-
	name: Find branch name
	id: get_branch
	run: \|
	# to lowercase
	TMP=$(git rev-parse --abbrev-ref HEAD)
	TMP=$(echo "$TMP" \| tr '[:upper:]' '[:lower:]')
	echo $TMP
	echo ::set-output name=BRANCH::$TMP
	-
	name: Install SBoM generator
	run: \|
	SYFT_EXPECTED_DIGEST='74a9becd5ccb4c02de99050a632e7bfc72176d5e4e844093b1e2c5bedfb45888'
	curl -sSfL https://github.com/anchore/syft/releases/download/v0.29.0/syft_0.29.0_linux_amd64.tar.gz -o syft.tar.gz
	SYFT_RESULT_DIGEST=$(sha256sum syft.tar.gz \| cut -d' ' -f1);
	if [[ $SYFT_RESULT_DIGEST != "${SYFT_EXPECTED_DIGEST}" ]]; then exit 1; fi

	mkdir -p syft-install/
	tar -zxf syft.tar.gz -C syft-install/
	mv syft-install/syft /usr/local/bin/
	rm -rf syft.tar.gz syft-install/
	-
	name: Install SBoM pusher
	run: \|
	ORAS_EXPECTED_DIGEST='660a4ecd87414d1f29610b2ed4630482f1f0d104431576d37e59752c27de37ed'
	curl -sSfL https://github.com/oras-project/oras/releases/download/v0.12.0/oras_0.12.0_linux_amd64.tar.gz -o oras.tar.gz
	ORAS_RESULT_DIGEST=$(sha256sum oras.tar.gz \| cut -d' ' -f1);
	if [[ $ORAS_RESULT_DIGEST != "${ORAS_EXPECTED_DIGEST}" ]]; then exit 1; fi

	mkdir -p oras-install/
	tar -zxf oras.tar.gz -C oras-install/
	mv oras-install/oras /usr/local/bin/
	rm -rf oras.tar.gz oras-install/
	- name: Install signing
	run: \|
	COSIGN_EXPECTED_DIGEST='9604a5eb171748113f92a67495556007dde6f45804f0b38d3e55c3bc7e151774'
	curl -sSfL https://github.com/sigstore/cosign/releases/download/v1.3.0/cosign-linux-amd64 -o cosign
	COSIGN_RESULT_DIGEST=$(sha256sum cosign \| cut -d' ' -f1);
	if [[ $COSIGN_RESULT_DIGEST != "${COSIGN_EXPECTED_DIGEST}" ]]; then exit 1; fi
	chmod +x cosign
	mv cosign /usr/local/bin/cosign
	-
	name: Login to registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	-
	name: Build image
	run: \|
	docker build . -t $IMAGE:$BRANCH
	BOM="dataspace-connector-sbom.json"
	syft "${IMAGE}:${BRANCH}" -o spdx-json > "${BOM}"
	env:
	IMAGE: ${{ steps.get_repo.outputs.IMAGE }}
	BRANCH: ${{ steps.get_branch.outputs.BRANCH }}
	DOCKER_BUILDKIT: 1
	-
	name: Push tagged image
	run: \|
	echo $IMAGE
	echo $BRANCH
	echo $TAG
	TMP=$TAG
	BOM="dataspace-connector-sbom.json"

	if [[ $TMP == v* ]]
	then
	# Its a version tag
	TMP=${TAG:1:${#TAG}}
	echo "Found a version tag"
	docker tag $IMAGE:$BRANCH $IMAGE:latest
	docker push $IMAGE:latest
	oras push "${IMAGE}:latest-sbom" "${BOM}:application/json"

	echo "${COSIGN_KEY}" > /tmp/cosign.key
	cosign sign --key /tmp/cosign.key "${IMAGE}:latest"
	cosign sign --key /tmp/cosign.key "${IMAGE}:latest-sbom"
	rm /tmp/cosign.key
	fi
	# Has tag
	docker tag $IMAGE:$BRANCH $IMAGE:$TMP
	docker push $IMAGE:$TMP
	oras push "${IMAGE}:${TMP}-sbom" "${BOM}:application/json"

	echo "${COSIGN_KEY}" > /tmp/cosign.key
	cosign sign --key /tmp/cosign.key "${IMAGE}:${TMP}"
	cosign sign --key /tmp/cosign.key "${IMAGE}:${TMP}-sbom"
	rm /tmp/cosign.key
	if: startsWith(github.ref, 'refs/tags')
	env:
	IMAGE: ${{ steps.get_repo.outputs.IMAGE }}
	BRANCH: ${{ steps.get_branch.outputs.BRANCH }}
	TAG: ${{ steps.get_tag.outputs.TAG }}
	COSIGN_KEY: ${{secrets.COSIGN_KEY}}
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
	-
	name: Push branch image
	run: \|
	docker push $IMAGE:$BRANCH

	BOM="dataspace-connector-sbom.json"
	oras push "${IMAGE}:${BRANCH}-sbom" "${BOM}:application/json"

	echo "${COSIGN_KEY}" > /tmp/cosign.key
	cosign sign --key /tmp/cosign.key "${IMAGE}:${BRANCH}"
	cosign sign --key /tmp/cosign.key "${IMAGE}:${BRANCH}-sbom"
	rm /tmp/cosign.key
	if: startsWith(github.ref, 'refs/heads')
	env:
	IMAGE: ${{ steps.get_repo.outputs.IMAGE }}
	BRANCH: ${{ steps.get_branch.outputs.BRANCH }}
	COSIGN_KEY: ${{secrets.COSIGN_KEY}}
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

	debug:
	environment: registry
	timeout-minutes: 30
	runs-on: ubuntu-latest
	steps:
	-
	name: Checkout Repo
	uses: actions/checkout@v3
	-
	name: Build registry path
	id: get_repo
	run: echo ::set-output name=IMAGE::"ghcr.io/international-data-spaces-association/dataspace-connector"
	-
	name: Find tag
	id: get_tag
	run: \|
	echo ${GITHUB_REF#refs/tags/}
	echo ::set-output name=TAG::${GITHUB_REF#refs/tags/}
	if: startsWith(github.ref, 'refs/tags')
	-
	name: Find branch name
	id: get_branch
	run: \|
	# to lowercase
	TMP=$(git rev-parse --abbrev-ref HEAD)
	TMP=$(echo "$TMP" \| tr '[:upper:]' '[:lower:]')
	echo $TMP
	echo ::set-output name=BRANCH::$TMP
	-
	name: Install SBoM generator
	run: \|
	SYFT_EXPECTED_DIGEST='74a9becd5ccb4c02de99050a632e7bfc72176d5e4e844093b1e2c5bedfb45888'
	curl -sSfL https://github.com/anchore/syft/releases/download/v0.29.0/syft_0.29.0_linux_amd64.tar.gz -o syft.tar.gz
	SYFT_RESULT_DIGEST=$(sha256sum syft.tar.gz \| cut -d' ' -f1);
	if [[ $SYFT_RESULT_DIGEST != "${SYFT_EXPECTED_DIGEST}" ]]; then exit 1; fi

	mkdir -p syft-install/
	tar -zxf syft.tar.gz -C syft-install/
	mv syft-install/syft /usr/local/bin/
	rm -rf syft.tar.gz syft-install/
	-
	name: Install SBoM pusher
	run: \|
	ORAS_EXPECTED_DIGEST='660a4ecd87414d1f29610b2ed4630482f1f0d104431576d37e59752c27de37ed'
	curl -sSfL https://github.com/oras-project/oras/releases/download/v0.12.0/oras_0.12.0_linux_amd64.tar.gz -o oras.tar.gz
	ORAS_RESULT_DIGEST=$(sha256sum oras.tar.gz \| cut -d' ' -f1);
	if [[ $ORAS_RESULT_DIGEST != "${ORAS_EXPECTED_DIGEST}" ]]; then exit 1; fi

	mkdir -p oras-install/
	tar -zxf oras.tar.gz -C oras-install/
	mv oras-install/oras /usr/local/bin/
	rm -rf oras.tar.gz oras-install/
	- name: Install signing
	run: \|
	COSIGN_EXPECTED_DIGEST='9604a5eb171748113f92a67495556007dde6f45804f0b38d3e55c3bc7e151774'
	curl -sSfL https://github.com/sigstore/cosign/releases/download/v1.3.0/cosign-linux-amd64 -o cosign
	COSIGN_RESULT_DIGEST=$(sha256sum cosign \| cut -d' ' -f1);
	if [[ $COSIGN_RESULT_DIGEST != "${COSIGN_EXPECTED_DIGEST}" ]]; then exit 1; fi
	chmod +x cosign
	mv cosign /usr/local/bin/cosign
	-
	name: Login to registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	-
	name: Build image
	run: \|
	docker build . -f scripts/ci/docker/Debug.dockerfile -t $IMAGE:$BRANCH
	BOM="dataspace-connector-sbom.json"
	syft "${IMAGE}:${BRANCH}" -o spdx-json > "${BOM}"
	env:
	IMAGE: ${{ steps.get_repo.outputs.IMAGE }}
	BRANCH: ${{ steps.get_branch.outputs.BRANCH }}
	DOCKER_BUILDKIT: 1
	-
	name: Push tagged image
	run: \|
	echo $IMAGE
	echo $BRANCH
	echo $TAG
	TMP=$TAG
	BOM="dataspace-connector-sbom.json"

	if [[ $TMP == v* ]]
	then
	# Its a version tag
	TMP=${TAG:1:${#TAG}}
	echo "Found a version tag"
	fi
	# Has tag
	docker tag $IMAGE:$BRANCH $IMAGE:$TMP-debug
	docker push $IMAGE:$TMP-debug
	oras push "${IMAGE}:${TMP}-debug-sbom" "${BOM}:application/json"

	echo "${COSIGN_KEY}" > /tmp/cosign.key
	cosign sign --key /tmp/cosign.key "${IMAGE}:${TMP}-debug"
	cosign sign --key /tmp/cosign.key "${IMAGE}:${TMP}-debug-sbom"
	rm /tmp/cosign.key
	if: startsWith(github.ref, 'refs/tags')
	env:
	IMAGE: ${{ steps.get_repo.outputs.IMAGE }}
	BRANCH: ${{ steps.get_branch.outputs.BRANCH }}
	TAG: ${{ steps.get_tag.outputs.TAG }}
	COSIGN_KEY: ${{secrets.COSIGN_KEY}}
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
	-
	name: Push branch image
	run: \|
	docker tag $IMAGE:$BRANCH $IMAGE:$BRANCH-debug
	docker push $IMAGE:$BRANCH-debug
	BOM="dataspace-connector-sbom.json"
	oras push "${IMAGE}:${BRANCH}-debug-sbom" "${BOM}:application/json"

	echo "${COSIGN_KEY}" > /tmp/cosign.key
	cosign sign --key /tmp/cosign.key "${IMAGE}:${BRANCH}-debug"
	cosign sign --key /tmp/cosign.key "${IMAGE}:${BRANCH}-debug-sbom"
	rm /tmp/cosign.key
	if: startsWith(github.ref, 'refs/heads')
	env:
	IMAGE: ${{ steps.get_repo.outputs.IMAGE }}
	BRANCH: ${{ steps.get_branch.outputs.BRANCH }}
	COSIGN_KEY: ${{secrets.COSIGN_KEY}}
	COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docs: note for current status of maintainers (#725) #185

Workflow file

docs: note for current status of maintainers (#725) #185

Jobs

Run details

Workflow file for this run