Skip to content

Push KubeArmor Relay Image to Docker #28

Push KubeArmor Relay Image to Docker

Push KubeArmor Relay Image to Docker #28

name: Push KubeArmor Relay Image to Docker
on:
push:
branches: [main, v*]
paths:
- "relay-server/**"
- "!STABLE-RELEASE"
- ".github/workflows/ci-latest-release.yml"
create:
branches:
- "v*"
jobs:
push-docker-img:
name: Create and push docker image
if: github.repository == 'kubearmor/kubearmor-relay-server'
runs-on: ubuntu-latest-16-cores
permissions:
id-token: write
timeout-minutes: 20
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
platforms: linux/amd64,linux/arm64/v8
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}
- name: Push images to Docker
run: |
if [ ${{ github.ref }} == "refs/heads/main" ]; then
TAG=latest
else
TAG=${GITHUB_REF#refs/*/}
fi
./relay-server/build/push_img.sh $TAG
- name: Install Cosign
uses: sigstore/cosign-installer@main
- name: Get Image Digest
id: digest
run: |
echo "imagedigest=$(jq -r '.["containerimage.digest"]' kubearmor-relay-server.json)" >> $GITHUB_OUTPUT
- name: Sign the Container Images
run: |
cosign sign -r kubearmor/kubearmor-relay-server@${{ steps.digest.outputs.imagedigest }} --yes
push-stable-version:
name: Create kubearmor-relay stable release
needs: push-docker-img
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
id-token: write
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
with:
ref: main
- name: Install regctl
run: |
curl -L https://github.com/regclient/regclient/releases/latest/download/regctl-linux-amd64 >regctl
chmod 755 regctl
mv regctl /usr/local/bin
- name: Check install
run: regctl version
- name: Get tag
id: match
run: |
value=`cat STABLE-RELEASE`
if [ ${{ github.ref }} == "refs/heads/$value" ]; then
echo "tag=true" >> $GITHUB_OUTPUT
else
echo "tag=false" >> $GITHUB_OUTPUT
fi
- name: Login to Docker Hub
if: steps.match.outputs.tag == 'true'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_AUTHTOK }}
- name: Generate the stable version of kubearmor-relay in Docker Hub
if: steps.match.outputs.tag == 'true'
run: |
STABLE_VERSION=`cat STABLE-RELEASE`
regctl image copy kubearmor/kubearmor-relay-server:$STABLE_VERSION kubearmor/kubearmor-relay-server:stable --digest-tags