ci: Add workflow_dispatch to manually trigger build-kwctl #9
| name: Build, Sign, and Generate SBOM, Attestation & Provenance | |
| on: | |
| workflow_call: | |
| inputs: | |
| version: | |
| type: string | |
| push: | |
| branches: | |
| - "main" | |
| - "feat-**" | |
| jobs: | |
| build: | |
| strategy: | |
| matrix: | |
| component: [policy-server, kubewarden-controller, audit-scanner] | |
| arch: [amd64, arm64] | |
| include: | |
| - arch: amd64 | |
| runner: ubuntu-latest | |
| platform: linux/amd64 | |
| - arch: arm64 | |
| runner: ubuntu-24.04-arm | |
| platform: linux/arm64 | |
| permissions: | |
| packages: write # Pushing images to ghcr.io | |
| id-token: write # Signing images with cosign | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Build, sign, and upload digest | |
| uses: kubewarden/github-actions/container-build@f1695ca9a575bf58b85d6c3652c7ff7d1d12ec24 # v4.5.16 | |
| with: | |
| component: ${{ matrix.component }} | |
| arch: ${{ matrix.arch }} | |
| platform: ${{ matrix.platform }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| merge: | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| permissions: | |
| packages: write # Pushing multi-arch manifest to ghcr.io | |
| id-token: write # Signing images with cosign | |
| strategy: | |
| matrix: | |
| component: [policy-server, kubewarden-controller, audit-scanner] | |
| steps: | |
| - name: Retrieve tag name (main) | |
| if: ${{ startsWith(github.ref, 'refs/heads/main') }} | |
| run: | | |
| echo TAG_NAME=latest >> $GITHUB_ENV | |
| - name: Retrieve tag name (feat branch) | |
| if: ${{ startsWith(github.ref, 'refs/heads/feat') }} | |
| run: | | |
| echo "TAG_NAME=latest-$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
| - name: Retrieve tag name (release) | |
| if: ${{ !startsWith(github.ref, 'refs/heads/') }} | |
| run: | | |
| echo TAG_NAME=${{ inputs.version }} >> $GITHUB_ENV | |
| - name: Merge multi-arch images | |
| uses: kubewarden/github-actions/merge-multiarch@f1695ca9a575bf58b85d6c3652c7ff7d1d12ec24 # v4.5.16 | |
| with: | |
| component: ${{ matrix.component }} | |
| tag: ${{ env.TAG_NAME }} | |
| arch: amd64,arm64 | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
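Review bot: The "Retrieve tag name (release)" step expands `${{ inputs.version }}` directly into the `run` script, so the caller-supplied value becomes part of the shell text before bash parses it, in a job that holds `packages: write` and `id-token: write`. Pass it through the step environment instead: add `env:` with `VERSION: ${{ inputs.version }}` and write `echo "TAG_NAME=${VERSION}" >> "$GITHUB_ENV"`. That removes the shell expansion, but a value containing a newline would still add extra entries to `$GITHUB_ENV`, so the step should also reject anything that is not a plain tag string. Separately, `version` is not declared `required`, and none of the three tag steps matches a branch ref other than main or feat, so `TAG_NAME` can reach "Merge multi-arch images" empty; failing the job on an empty tag would surface that. Whether any caller forwards untrusted data into `version` is not visible from this file.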