Merge pull request #4637 from Miranlfk/integrate-notation
Integrate `Notation` to sign Ballerina Images
udda1996 committed Jul 5, 2023
2 parents 903c720 + 8b1bba0 commit 9b85d1f
Showing 1 changed file with 42 additions and 4 deletions.
46 changes: 42 additions & 4 deletions .github/workflows/publish-release-artifacts.yml
Expand Up @@ -7,6 +7,10 @@ on:
description: 'Release Version e.g., 2201.1.1, 2201.1.1-rc1'
default: '2201.1.1'
required: true
env:
REGISTRY: ghcr.io
ORGNAME: ballerina-platform
IMAGE_NAME: ballerina

jobs:
publish-artifacts:
Expand Down Expand Up @@ -133,13 +137,11 @@ jobs:
run: |
DOCKER_REPO=${{ steps.process-docker.outputs.dockerRepo }}
cp $VERSION/ballerina-$VERSION.zip $DOCKER_REPO/base/docker/
docker build --no-cache=true --squash --build-arg BALLERINA_DIST=ballerina-$VERSION.zip -t ballerina/ballerina:$GIT_TAG $DOCKER_REPO/base/docker/
rm $DOCKER_REPO/base/docker/ballerina-$VERSION.zip
docker push ballerina/ballerina:$GIT_TAG
docker rmi ballerina/ballerina:$GIT_TAG
docker image prune -f
- name: Build and push dev container
run: |
DOCKER_REPO=${{ steps.process-docker.outputs.dockerRepo }}
Expand All @@ -151,6 +153,42 @@ jobs:
docker rmi ballerina/ballerina-devcontainer:$GIT_TAG
docker image prune -f
- name: azure-resource-login
uses: Azure/azure-resource-login-action@v1.0.0
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- name: Setup Notation with azure-kv plugin
uses: Duffney/setup-notation@v1.0.0
with:
version: 1.0.0-rc.7
key_name: ${{ secrets.AZURE_KEY_NAME }}
certificate_key_id: ${{ secrets.AZURE_KEY_ID }}
plugin_name: notation-azure-kv
plugin_version: 0.5.0-rc.1

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.ORGNAME }}
password: ${{ secrets.BALLERINA_BOT_TOKEN }}

- name: Push image to Github Container Registry
run: |
docker tag ballerina/ballerina:$GIT_TAG ${{ env.REGISTRY }}/${{ env.ORGNAME }}/${{ env.IMAGE_NAME }}:$GIT_TAG
docker push ${{ env.REGISTRY }}/${{ env.ORGNAME }}/${{ env.IMAGE_NAME }}:$GIT_TAG
- name: Verify key generation
run: notation key list

- name: Sign the published Docker image
run: |
notation sign --key ${{ secrets.AZURE_KEY_NAME }} ${{ env.REGISTRY }}/${{ env.ORGNAME }}/${{ env.IMAGE_NAME }}:$GIT_TAG
docker rmi ballerina/ballerina:$GIT_TAG
docker rmi ${{ env.REGISTRY }}/${{ env.ORGNAME }}/${{ env.IMAGE_NAME }}:$GIT_TAG
docker image prune -f
- name: Publish Artifacts
run: |
sudo apt-get install python3-setuptools
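Review bot: The `notation sign` call in the "Sign the published Docker image" step signs `…/${{ env.IMAGE_NAME }}:$GIT_TAG`, a mutable tag, so the signature is bound to whatever manifest that tag resolves to at signing time rather than to the image this job just pushed. Resolve the digest recorded by the preceding `docker push` and sign `repo@sha256:…` instead; the sketch below also passes the key name through `env:` so the secret is not expanded into the script text. Separately, `Duffney/setup-notation@v1.0.0`, `Azure/azure-resource-login-action@v1.0.0` and `docker/login-action@v2` all receive secrets and are referenced by tag; pinning each to a full commit SHA would keep a re-tagged release from running with those credentials. The Docker Hub copy pushed earlier as `ballerina/ballerina:$GIT_TAG` appears to stay unsigned, which is worth documenting for consumers if it is intentional.

```yaml
      - name: Sign the published Docker image
        env:
          IMAGE_REPO: ${{ env.REGISTRY }}/${{ env.ORGNAME }}/${{ env.IMAGE_NAME }}
          SIGNING_KEY: ${{ secrets.AZURE_KEY_NAME }}
        run: |
          # The local image carries one RepoDigests entry per registry it was
          # pushed to; keep only the GHCR one so the signature targets that manifest.
          IMAGE_REF=$(docker image inspect \
            --format '{{range .RepoDigests}}{{println .}}{{end}}' \
            "$IMAGE_REPO:$GIT_TAG" | grep "^$IMAGE_REPO@sha256:")
          notation sign --key "$SIGNING_KEY" "$IMAGE_REF"
          # … unchanged: docker rmi / docker image prune cleanup …
```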
