|
1 |
| -name: Build Rust Binary |
2 |
| - |
3 |
| -env: |
4 |
| - zarfInjectorPath: 'src/injector/stage1/target/x86_64-unknown-linux-musl/release/zarf-injector' |
| 1 | +name: Publish Injector Stage I |
5 | 2 |
|
6 | 3 | on:
|
7 | 4 | workflow_dispatch:
|
|
12 | 9 | branchName:
|
13 | 10 | description: "Branch to build the injector from"
|
14 | 11 | required: false
|
15 |
| - default: 'master' |
| 12 | + default: "master" |
16 | 13 |
|
17 | 14 | jobs:
|
18 | 15 | build-injector:
|
19 |
| - runs-on: ubuntu-latest |
| 16 | + runs-on: self-hosted |
20 | 17 | steps:
|
| 18 | + - name: "Dependency: Install cosign" |
| 19 | + uses: sigstore/cosign-installer@v2.5.0 |
| 20 | + |
| 21 | + - name: "Dependency: Setup rust toolchain" |
| 22 | + run: | |
| 23 | + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path |
| 24 | + echo "$HOME/.cargo/bin" >> $GITHUB_PATH |
| 25 | +
|
21 | 26 | - name: "Checkout Repo"
|
22 | 27 | uses: actions/checkout@v3
|
23 | 28 | with:
|
24 | 29 | ref: ${{ github.event.inputs.branchName }}
|
25 | 30 |
|
26 |
| - - name: "Install cosign" |
27 |
| - uses: sigstore/cosign-installer@v2.5.0 |
28 |
| - |
29 |
| - - name: "Install Rust And Build" |
30 |
| - uses: gmiam/rust-musl-action@v1.1.1 |
31 |
| - with: |
32 |
| - args: cargo build --target x86_64-unknown-linux-musl --release --manifest-path src/injector/stage1/Cargo.toml |
| 31 | + - name: "Build Rust Binary for x86_64" |
| 32 | + working-directory: src/injector/stage1 |
| 33 | + run: | |
| 34 | + cargo build --target x86_64-unknown-linux-musl --release |
| 35 | + strip target/x86_64-unknown-linux-musl/release/zarf-injector |
33 | 36 |
|
34 |
| - - name: "Strip The Binary Down" |
35 |
| - run: sudo strip ${{ env.zarfInjectorPath }} |
36 |
| - |
37 |
| - - name: "Upload Rust Binary" |
38 |
| - uses: actions/upload-artifact@v3 |
39 |
| - with: |
40 |
| - name: zarf-injector |
41 |
| - path: ${{ env.zarfInjectorPath }} |
| 37 | + - name: "Build Rust Binary for aarch64" |
| 38 | + working-directory: src/injector/stage1 |
| 39 | + run: | |
| 40 | + rustup target add aarch64-unknown-linux-musl |
| 41 | + curl https://musl.cc/aarch64-linux-musl-cross.tgz | tar -xz |
| 42 | + export PATH="$PWD/aarch64-linux-musl-cross/bin:$PATH" |
| 43 | + cargo build --target aarch64-unknown-linux-musl --release |
| 44 | + aarch64-linux-musl-strip target/aarch64-unknown-linux-musl/release/zarf-injector |
42 | 45 |
|
43 | 46 | - name: Login to Docker Hub
|
44 | 47 | uses: docker/login-action@v2
|
45 | 48 | with:
|
46 | 49 | username: ${{ secrets.DOCKERHUB_USERNAME }}
|
47 | 50 | password: ${{ secrets.DOCKERHUB_TOKEN }}
|
48 | 51 |
|
49 |
| - - name: "Upload Binary To DockerHub" |
50 |
| - run: cosign upload blob -f ${{ env.zarfInjectorPath }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }} |
| 52 | + - name: "Upload Binaries To DockerHub" |
| 53 | + working-directory: src/injector/stage1/target |
| 54 | + run: | |
| 55 | + cosign upload blob -f x86_64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} |
| 56 | + cosign upload blob -f aarch64-unknown-linux-musl/release/zarf-injector defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} |
51 | 57 |
|
52 |
| - - name: "Sign the binary" |
53 |
| - run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:${{ github.event.inputs.versionTag }} |
| 58 | + - name: "Sign the binaries" |
| 59 | + run: | |
| 60 | + cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:amd64-${{ github.event.inputs.versionTag }} |
| 61 | + cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-injector:arm64-${{ github.event.inputs.versionTag }} |
54 | 62 | env:
|
55 | 63 | COSIGN_EXPERIMENTAL: 1
|
56 | 64 | AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }}
|
57 | 65 | AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }}
|
58 | 66 | AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }}
|
59 |
| - |
|
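Review bot: The "Build Rust Binary for aarch64" step fetches its cross toolchain with `curl https://musl.cc/aarch64-linux-musl-cross.tgz | tar -xz` and no integrity check, so whatever that host serves at build time supplies the linker and `strip` for a binary that the later steps sign with the KMS key. Download to a file, verify a pinned digest, then extract: `curl --proto '=https' --tlsv1.2 -sSfLO https://musl.cc/aarch64-linux-musl-cross.tgz`, `echo "<PINNED_SHA256>  aarch64-linux-musl-cross.tgz" | sha256sum -c -`, `tar -xzf aarch64-linux-musl-cross.tgz`. The rustup bootstrap in the "Dependency: Setup rust toolchain" step is piped to `sh` in the same way and installs whatever toolchain is current, so pinning a toolchain version there would make the signed output easier to reproduce and audit. Separately, `${{ github.event.inputs.versionTag }}` is still expanded directly into the `run:` scripts of the upload and sign steps, which now execute on a self-hosted runner with the AWS credentials in `env:`; passing the input through `env:` and referencing it as `"$VERSION_TAG"` keeps it out of the shell's parse.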