1#
2# Copyright 2021 The Sigstore Authors.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16name: CI-Container-Build
17
18on:
19 push:
20 paths:
21 - '**'
22 - '!**.md'
23 - '!doc/**'
24 - '!**.txt'
25 - '!images/**'
26 - '!LICENSE'
27 - 'test/**'
28 branches:
29 - main
30 - release-*
31
32permissions: read-all
33
34jobs:
35 build:
36 name: build
37 runs-on: ubuntu-latest
38
39 permissions:
40 id-token: write
41 contents: read
42
43 steps:
44 - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
45
46 - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
47
48 - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
49 with:
50 go-version: '1.21'
51 check-latest: true
52
53 # will use the latest release available for ko
54 - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
55
56 - name: Set up Cloud SDK
57 uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
58 with:
59 workload_identity_provider: 'projects/498091336538/locations/global/workloadIdentityPools/githubactions/providers/sigstore-cosign'
60 service_account: 'github-actions@projectsigstore.iam.gserviceaccount.com'
61
62 - name: creds
63 run: gcloud auth configure-docker --quiet
64
65 - name: containers-cosign
66 run: make sign-ci-containers
67 env:
68 KO_PREFIX: gcr.io/projectsigstore/cosign/ci
69 COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"
View as plain text