
KubeEdge v1.15.1 sign images #8


Workflow file for this run

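# Release pipeline: when a GitHub release is published, build each component
# image for three platforms, push it to DockerHub under the release tag, then
# call the SLSA generator to attach provenance to the pushed image digest.
name: build release, release image to DockerHub
on:
  release:
    types:
      - published
env:
  CONTAINER_RUN_OPTIONS: " "
  IMAGE_REPOSITORY: kubeedge
jobs:
  publish-image-to-dockerhub:
    name: publish to DockerHub
    # Least privilege: the steps shown here only read the repository with the
    # workflow token; the registry push authenticates with the DockerHub
    # token, so no write scope is granted to GITHUB_TOKEN in this job.
    permissions:
      contents: read
    strategy:
      matrix:
        target:
          - cloudcore
          - admission
          - edgesite-agent
          - edgesite-server
          - csidriver
          - iptables-manager
          - edgemark
          - installation-package
          - controller-manager
    # One output per matrix target. Each matrix leg fills in only the entry
    # for its own target (see the `generate digest` step); the provenance job
    # looks the digest up by target name.
    outputs:
      hash-digest-cloudcore: ${{ steps.hash.outputs.hash-digest-cloudcore }}
      hash-digest-admission: ${{ steps.hash.outputs.hash-digest-admission }}
      hash-digest-edgesite-agent: ${{ steps.hash.outputs.hash-digest-edgesite-agent }}
      hash-digest-edgesite-server: ${{ steps.hash.outputs.hash-digest-edgesite-server }}
      hash-digest-csidriver: ${{ steps.hash.outputs.hash-digest-csidriver }}
      hash-digest-iptables-manager: ${{ steps.hash.outputs.hash-digest-iptables-manager }}
      hash-digest-edgemark: ${{ steps.hash.outputs.hash-digest-edgemark }}
      hash-digest-installation-package: ${{ steps.hash.outputs.hash-digest-installation-package }}
      hash-digest-controller-manager: ${{ steps.hash.outputs.hash-digest-controller-manager }}
    runs-on: ubuntu-22.04
    # NOTE(review): the third-party actions below are referenced by version
    # tag, which the action's publisher can move. This job holds the DockerHub
    # push token, so pinning each `uses:` to a full commit SHA would fix
    # exactly which code runs with that credential.
    steps:
      - name: checkout code
        uses: actions/checkout@v3
        with:
          # fetch-depth:
          # 0 indicates all history for all branches and tags.
          # for `git describe --tags` in Makefile.
          fetch-depth: 0
      - name: install QEMU
        uses: docker/setup-qemu-action@v1
      - name: install Buildx
        uses: docker/setup-buildx-action@v1
      - name: login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USER_NAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: generate dockerfile path
        # The matrix value reaches the script through an environment variable
        # instead of being expanded into the script text, so the shell sees it
        # as data only.
        env:
          MATRIX_TARGET: ${{ matrix.target }}
        run: |
          echo "dockerfile_path=$(./hack/make-rules/imageprocess.sh dockerfile "${MATRIX_TARGET}")" >> "$GITHUB_ENV"
      - name: build and publish images
        id: build
        uses: docker/build-push-action@v3
        with:
          context: .
          file: ${{ env.dockerfile_path }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7
          push: true
          tags: |
            ${{ env.IMAGE_REPOSITORY }}/${{ matrix.target }}:${{ github.ref_name }}
      - name: generate digest
        id: hash
        # Publishes the digest reported by the build step as this target's
        # job output. Values are passed via env for the same reason as above.
        env:
          MATRIX_TARGET: ${{ matrix.target }}
          IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
        run: |
          echo "hash-digest-${MATRIX_TARGET}=${IMAGE_DIGEST}" >> "$GITHUB_OUTPUT"
  # This step calls the container workflow to generate provenance and push it to
  # the container registry.
  image-provenance:
    needs: [publish-image-to-dockerhub]
    strategy:
      matrix:
        target:
          - cloudcore
          - admission
          - edgesite-agent
          - edgesite-server
          - csidriver
          - iptables-manager
          - edgemark
          - installation-package
          - controller-manager
    permissions:
      actions: read # for detecting the Github Actions environment.
      id-token: write # for creating OIDC tokens for signing.
      packages: write # for uploading attestations.
    if: startsWith(github.ref, 'refs/tags/')
    # NOTE(review): the text after `workflows/` was mangled by e-mail
    # obfuscation when this page was captured; the original named a reusable
    # workflow file and a release ref (`<workflow>.yml@<ref>`). Restore it
    # from the repository before reusing this file.
    uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
    with:
      image: kubeedge/${{ matrix.target }}
      # NOTE(review): the login step reads the user name from `secrets`, this
      # job reads it from `vars`; both must be defined and name the same
      # account. Confirm in the repository settings.
      registry-username: ${{ vars.DOCKERHUB_USER_NAME }}
      # Provenance is generated for the digest returned by the build job for
      # this target, not for the release tag the image was pushed under.
      digest: ${{ needs.publish-image-to-dockerhub.outputs[format('hash-digest-{0}', matrix.target)] }}
    secrets:
      registry-password: ${{ secrets.DOCKERHUB_TOKEN }}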