|
| 1 | +# Copyright 2022 Google LLC |
| 2 | +# |
| 3 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | +# you may not use this file except in compliance with the License. |
| 5 | +# You may obtain a copy of the License at |
| 6 | +# |
| 7 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | +# |
| 9 | +# Unless required by applicable law or agreed to in writing, software |
| 10 | +# distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | +# See the License for the specific language governing permissions and |
| 13 | +# limitations under the License. |
| 14 | +# gcloud builds submit --config=cloudbuild.yaml --project=project-name --substitutions=TAG="v0.65" |
| 15 | +steps: |
| 16 | +#publish latest cosign |
| 17 | +- name: 'gcr.io/cloud-builders/docker' |
| 18 | + id: build_cosign |
| 19 | + args: |
| 20 | + - 'build' |
| 21 | + - '-t' |
| 22 | + - '${_COSIGN_IMAGE_NAME}:latest' |
| 23 | + - '-f' |
| 24 | + - 'Dockerfile.cosign' |
| 25 | + - '.' |
| 26 | +- name: 'gcr.io/cloud-builders/docker' |
| 27 | + id: push_cosign |
| 28 | + args: ['push', '${_COSIGN_IMAGE_NAME}:latest'] |
| 29 | +#publish apigeecli |
| 30 | +- name: 'gcr.io/cloud-builders/docker' |
| 31 | + id: build_apigeecli |
| 32 | + args: |
| 33 | + - 'build' |
| 34 | + - '-t' |
| 35 | + - '${_IMAGE_NAME}:${TAG_NAME}' |
| 36 | + - '-f' |
| 37 | + - 'Dockerfile' |
| 38 | + - '.' |
| 39 | + - '--build-arg' |
| 40 | + - 'TAG=${TAG_NAME}' |
| 41 | + - '--build-arg' |
| 42 | + - 'COMMIT=$COMMIT_SHA' |
| 43 | +- name: 'gcr.io/cloud-builders/docker' |
| 44 | + id: push_apigeecli |
| 45 | + args: ['push', '${_IMAGE_NAME}:${TAG_NAME}'] |
| 46 | +- name: 'gcr.io/cloud-builders/docker' |
| 47 | + id: tag_latest_apigeecli |
| 48 | + args: ['tag', '${_IMAGE_NAME}:${TAG_NAME}', '${_IMAGE_NAME}:latest'] |
| 49 | +- name: 'gcr.io/cloud-builders/docker' |
| 50 | + id: push_latest_apigeecli |
| 51 | + args: ['push', '${_IMAGE_NAME}:latest'] |
| 52 | + |
| 53 | +#sign and attach apigeecli |
| 54 | +- name: 'us-docker.pkg.dev/${PROJECT_ID}/${_REPO}/cosign:latest' |
| 55 | + id: sign_apigeecli |
| 56 | + entrypoint: 'sh' |
| 57 | + secretEnv: ['COSIGN_PASSWORD', 'COSIGN_PRIVATE_KEY'] |
| 58 | + args: |
| 59 | + - -c |
| 60 | + - | |
| 61 | + echo "$$COSIGN_PRIVATE_KEY" > /tmp/cosign.key |
| 62 | + cosign sign --key=/tmp/cosign.key --output-signature=/tmp/apigeecli_${TAG_NAME}.sig --yes ${_IMAGE_NAME}:${TAG_NAME} |
| 63 | + cosign attach signature --signature=/tmp/apigeecli_${TAG_NAME}.sig ${_IMAGE_NAME}:${TAG_NAME} |
| 64 | +
|
| 65 | +- name: "gcr.io/google.com/cloudsdktool/cloud-sdk" |
| 66 | + id: export_sbom |
| 67 | + entrypoint: gcloud |
| 68 | + args: |
| 69 | + - artifacts |
| 70 | + - sbom |
| 71 | + - export |
| 72 | + - --uri=${_IMAGE_NAME}:${TAG_NAME} |
| 73 | + - --project=${PROJECT_ID} |
| 74 | + |
| 75 | +availableSecrets: |
| 76 | + secretManager: |
| 77 | + - versionName: projects/$PROJECT_ID/secrets/apigeecli-cosign-password/versions/latest |
| 78 | + env: 'COSIGN_PASSWORD' |
| 79 | + - versionName: projects/$PROJECT_ID/secrets/apigeecli-cosign-private-key/versions/latest |
| 80 | + env: 'COSIGN_PRIVATE_KEY' |
| 81 | + |
| 82 | +images: |
| 83 | +- '${_IMAGE_NAME}:${TAG_NAME}' |
| 84 | + |
| 85 | +#repo name |
| 86 | +substitutions: |
| 87 | + _REPO: "images" |
| 88 | + _IMAGE_NAME: "us-docker.pkg.dev/${PROJECT_ID}/${_REPO}/apigeecli" |
| 89 | + _COSIGN_IMAGE_NAME: "us-docker.pkg.dev/${PROJECT_ID}/${_REPO}/cosign" |
| 90 | + |
| 91 | +options: |
| 92 | + machineType: E2_HIGHCPU_8 |
| 93 | + logging: CLOUD_LOGGING_ONLY |
| 94 | + substitution_option: ALLOW_LOOSE |
| 95 | + dynamic_substitutions: true |
| 96 | + requestedVerifyOption: VERIFIED |
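Review bot: The `sign_apigeecli` step writes the signing key to disk with `echo "$$COSIGN_PRIVATE_KEY" > /tmp/cosign.key` at default permissions and never removes it; cosign can read a key directly from the environment, so the step could drop the echo and call `cosign sign --key=env://COSIGN_PRIVATE_KEY --yes …` instead. The same step signs `${_IMAGE_NAME}:${TAG_NAME}`, a mutable tag, so the signature covers whatever that tag resolves to at signing time; resolving the pushed digest in an earlier step and signing `${_IMAGE_NAME}@sha256:<digest>` would bind it to the image that was actually built. The signer is pulled as `cosign:latest` and both secrets as `versions/latest`, so neither the tool nor the key behind the signature is pinned to a reviewed version. With `substitution_option: ALLOW_LOOSE`, the header comment's `--substitutions=TAG="v0.65"` does not appear to populate `${TAG_NAME}`, which would likely leave the tag empty rather than fail the build; the example is worth confirming and correcting.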