fix workflow (#1632)
cpanato authored Jun 21, 2024
1 parent b5ac73f commit 48a3ea2
Showing 7 changed files with 28 additions and 19 deletions.
35 changes: 22 additions & 13 deletions .github/workflows/build-terminal-images.yaml
Expand Up @@ -23,6 +23,12 @@ jobs:
- rekor
- vexctl

container:
image: ghcr.io/wolfi-dev/sdk:latest@sha256:a96b9173cb5dd9d6050ecb11b6ec326f47a32d93537838845be5e558f9103148
# TODO: Deprivilege
options: |
--cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
steps:
- name: 'Github Actions Runner'
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
Expand All @@ -38,45 +44,48 @@ jobs:
shell: bash
working-directory: terminal-images/${{ matrix.image }}
run: |
docker run -v ${PWD}:/work cgr.dev/chainguard/melange keygen
melange keygen
- name: melange build
shell: bash
working-directory: terminal-images/${{ matrix.image }}
run: |
docker run --privileged -v ${PWD}:/work cgr.dev/chainguard/melange build \
melange.yaml --arch x86_64 --signing-key melange.rsa
melange build melange.yaml --arch x86_64 --signing-key melange.rsa
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3
with:
service_account: "github-chainguard-academy@chainguard-academy.iam.gserviceaccount.com"
workload_identity_provider: "projects/456977358484/locations/global/workloadIdentityPools/chainguard-academy/providers/chainguard-edu"
token_format: 'access_token'

- name: Setup G Cloud SDK
uses: 'google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200' # v2.0.11

- name: Configure GCR auth
shell: bash
run: gcloud auth configure-docker "${{ secrets.TERMINAL_REGISTRY_URL }}"

- name: apko login
shell: bash
working-directory: /tmp/
run: |
docker run --rm -v ${PWD}/:/root/ cgr.dev/chainguard/apko login \
apko login \
"${{ secrets.TERMINAL_REGISTRY_URL }}" \
--password=${{ steps.auth.outputs.access_token }} \
--username="oauth2accesstoken"
- name: apko publish
shell: bash
working-directory: terminal-images/${{ matrix.image }}
# working-directory: terminal-images/${{ matrix.image }}
run: |
docker run --rm \
-v /tmp/.docker/config.json:/root/.docker/config.json \
-v ${PWD}/:/work \
cgr.dev/chainguard/apko publish \
apko publish \
--arch x86_64 apko.yaml \
--image-refs /work/image-refs.txt \
--image-refs image-refs.txt \
"${{ secrets.TERMINAL_REGISTRY_URL }}/${{ secrets.TERMINAL_REPOSITORY }}/${{ matrix.image }}:latest" \
-k melange.rsa.pub \
--sbom-path . \
-C /work
-C terminal-images/${{ matrix.image }}
# - name: cosign login
# shell: bash
Expand All @@ -92,4 +101,4 @@ jobs:

# - name: cosign sign image
# working-directory: terminal-images/${{ matrix.image }}
# run: cosign sign -y "$(cat image-refs.txt)"
# run: cosign sign -y "$(cat image-refs.txt)
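Review bot: The job-level `container.options` added in the first hunk relaxes the sandbox for every step, not only the build: `--cap-add SYS_ADMIN`, `--cap-add NET_ADMIN`, `seccomp=unconfined` and `apparmor:unconfined` now also cover the Google Cloud auth, `apko login` and `apko publish` steps that hold the registry access token, whereas the old side applied `--privileged` only to the `melange build` invocation. Consider a build job that carries these options but receives no credentials and a separate unprivileged publish job, and replace the bare `# TODO: Deprivilege` with a comment that says which options the build actually needs and links a tracking issue. The `step-security/harden-runner` step right after `steps:` is, as far as its documentation states, not supported when the whole job runs in a container, so the runner monitoring it provided probably no longer applies; that is worth confirming in a run log. Separately, `--password=${{ steps.auth.outputs.access_token }}` in the `apko login` step puts the token on the command line; passing it through an `env:` variable and `--password-stdin` (if the apko in the SDK image supports it) avoids that.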
2 changes: 1 addition & 1 deletion terminal-images/apko/apko.yaml
Expand Up @@ -2,7 +2,7 @@ contents:
repositories:
- https://dl-cdn.alpinelinux.org/alpine/edge/main
- https://dl-cdn.alpinelinux.org/alpine/edge/community
- "/work/packages"
- "./packages"
packages:
- alpine-baselayout-data
- apk-tools
2 changes: 1 addition & 1 deletion terminal-images/cosign/apko.yaml
Expand Up @@ -2,7 +2,7 @@ contents:
repositories:
- https://dl-cdn.alpinelinux.org/alpine/edge/main
- https://dl-cdn.alpinelinux.org/alpine/edge/community
- "/work/packages"
- "./packages"
packages:
- alpine-baselayout-data
- apk-tools
2 changes: 1 addition & 1 deletion terminal-images/policy-controller-base/apko.yaml
Expand Up @@ -2,7 +2,7 @@ contents:
repositories:
- https://dl-cdn.alpinelinux.org/alpine/edge/main
- https://dl-cdn.alpinelinux.org/alpine/edge/community
- "/work/packages"
- "./packages"
packages:
- alpine-baselayout-data
- bash
2 changes: 1 addition & 1 deletion terminal-images/policy-controller-install/apko.yaml
Expand Up @@ -2,7 +2,7 @@ contents:
repositories:
- https://dl-cdn.alpinelinux.org/alpine/edge/main
- https://dl-cdn.alpinelinux.org/alpine/edge/community
- "/work/packages"
- "./packages"
packages:
- alpine-baselayout-data
- bash
2 changes: 1 addition & 1 deletion terminal-images/rekor/apko.yaml
Expand Up @@ -2,7 +2,7 @@ contents:
repositories:
- https://dl-cdn.alpinelinux.org/alpine/edge/main
- https://dl-cdn.alpinelinux.org/alpine/edge/community
- "/work/packages"
- "./packages"
packages:
- alpine-baselayout-data
- apk-tools
2 changes: 1 addition & 1 deletion terminal-images/vexctl/apko.yaml
Expand Up @@ -3,7 +3,7 @@ contents:
- https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
repositories:
- https://packages.wolfi.dev/os
- "/work/packages"
- "./packages"
packages:
- wolfi-baselayout
- bash