Add Zarf Agent Github Action (zarf-dev#481)

jeff-mccoy · web-flow · commit e779f34b0fb5 · 2022-05-09T14:16:29.000-05:00
diff --git a/.github/workflows/build-zarf-agent.yml b/.github/workflows/build-zarf-agent.yml
@@ -0,0 +1,45 @@
+name: Build and Publish Zarf Agent Image
+
+on:
+  workflow_dispatch:
+    inputs:
+      versionTag:
+        description: "Version tag"
+        required: true
+      branchName:
+        description: "Branch to build the agent from"
+        required: false
+        default: "master"
+
+jobs:
+  build-injector:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout Repo"
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.branchName }}
+
+      - name: "Install cosign"
+        uses: sigstore/cosign-installer@v2.1.0
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: "Build and Publish the Image"
+        run: buildx build --push --platform linux/arm64/v8,linux/amd64 --tag defenseunicorns/zarf-agent:${{ github.event.inputs.versionTag }} .
+
+      - name: "Sign the Image"
+        run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=${{ github.event.inputs.versionTag }} defenseunicorns/zarf-agent:${{ github.event.inputs.versionTag }}
+        env:
+          COSIGN_EXPERIMENTAL: 1
+          AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }}
