Integrate notation signature to ballerina image
Miranlfk committed Jun 28, 2023
1 parent 5bcf816 commit a915691
Showing 1 changed file with 41 additions and 3 deletions.
44 changes: 41 additions & 3 deletions .github/workflows/publish-release-artifacts.yml
Expand Up @@ -7,6 +7,9 @@ on:
description: 'Release Version e.g., 2201.1.1, 2201.1.1-rc1'
default: '2201.1.1'
required: true
env:
REGISTRY: ghcr.io
IMAGE_NAME: ballerina

jobs:
publish-artifacts:
Expand Down Expand Up @@ -133,12 +136,11 @@ jobs:
run: |
DOCKER_REPO=${{ steps.process-docker.outputs.dockerRepo }}
cp $VERSION/ballerina-$VERSION.zip $DOCKER_REPO/base/docker/
docker build --no-cache=true --squash --build-arg BALLERINA_DIST=ballerina-$VERSION.zip -t ballerina/ballerina:$GIT_TAG $DOCKER_REPO/base/docker/
rm $DOCKER_REPO/base/docker/ballerina-$VERSION.zip
docker push ballerina/ballerina:$GIT_TAG
docker rmi ballerina/ballerina:$GIT_TAG
docker image prune -f
- name: Build and push dev container
run: |
Expand All @@ -151,6 +153,42 @@ jobs:
docker rmi ballerina/ballerina-devcontainer:$GIT_TAG
docker image prune -f
- name: azure-resource-login
uses: Azure/azure-resource-login-action@v1.0.0
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}

- name: Setup Notation with azure-kv plugin
uses: Duffney/setup-notation@v1.0.0
with:
version: 1.0.0-rc.7
key_name: ${{ secrets.AZURE_KEY_NAME }}
certificate_key_id: ${{ secrets.AZURE_KEY_ID }}
plugin_name: notation-azure-kv
plugin_version: 0.5.0-rc.1

- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Push image to Github Container Registry
run: |
docker tag ballerina/ballerina:$GIT_TAG ${{ env.REGISTRY }}/ballerina-platform/${{ env.IMAGE_NAME }}:$GIT_TAG
docker push ${{ env.REGISTRY }}/ballerina-platform/${{ env.IMAGE_NAME }}:$GIT_TAG
- name: Verify key generation
run: notation key list

- name: Sign the published Docker image
run: |
notation sign --key ${{ secrets.AZURE_KEY_NAME }} ${{ env.REGISTRY }}/ballerina-platform/${{ env.IMAGE_NAME }}:$GIT_TAG
docker rmi ballerina/ballerina:$GIT_TAG
docker rmi ${{ env.REGISTRY }}/ballerina-platform/${{ env.IMAGE_NAME }}:$GIT_TAG
docker image prune -f
- name: Publish Artifacts
run: |
sudo apt-get install python3-setuptools
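Review bot: The `notation sign` call in the "Sign the published Docker image" step signs the mutable reference `${{ env.REGISTRY }}/ballerina-platform/${{ env.IMAGE_NAME }}:$GIT_TAG`, so the signature lands on whatever digest that tag resolves to at signing time rather than provably on the image this job built and pushed. Resolve the pushed reference to its `sha256:` digest in the push step and sign by digest, e.g. `notation sign --key "$AZURE_KEY_NAME" "$IMAGE@$DIGEST"` (`IMAGE` and `DIGEST` being variables that step would set), with the key name supplied through the step's `env:` instead of being expanded into the script text. The two actions that receive the Azure credentials and key id, `Azure/azure-resource-login-action@v1.0.0` and `Duffney/setup-notation@v1.0.0`, are referenced by tag; pinning each to a full commit SHA would keep a moved tag from running with those secrets. Only the ghcr.io copy is signed, while the `ballerina/ballerina:$GIT_TAG` image pushed in the earlier step (presumably to Docker Hub) stays unsigned, so consumers of that copy have nothing to verify.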
