
kbs: Simplify deployment overlays #61


# Builds the KBS container images on every push to main, pushes one image per
# architecture to ghcr.io/confidential-containers/staged-images, then combines
# the per-architecture images into multi-arch manifests.
#
# NOTE(review): the actions below are referenced by major-version tags
# (v3/v4), which are mutable. Pinning each `uses:` to a full commit SHA keeps a
# re-pointed tag from running in jobs that hold a packages:write token.
name: Build and Push KBS Image

# Runs only for pushes to main; no pull_request trigger is defined here.
on:
  push:
    branches: [main]

jobs:
  build_and_push:
    # One job per (instance, tag) pair from the matrix below.
    # NOTE(review): `s390x` is not a GitHub-hosted label, so it is presumably a
    # self-hosted runner - confirm.
    runs-on: ${{ matrix.instance }}

    # Only packages:write is granted to GITHUB_TOKEN in this job. Scopes that
    # are not listed become `none` once a permissions block is present.
    # NOTE(review): `contents` is therefore `none`; the checkout step then
    # presumably relies on the repository being publicly readable - confirm,
    # or state `contents: read` explicitly.
    permissions:
      packages: write

    strategy:
      # A failure in one matrix job does not cancel the others.
      fail-fast: false
      matrix:
        instance: [ubuntu-latest, s390x]
        tag: [kbs, kbs-grpc-as, kbs-ita-as]
        # kbs-ita-as is not built on s390x, which is why the publish job below
        # lists only kbs and kbs-grpc-as.
        exclude:
          - instance: s390x
            tag: kbs-ita-as
        # Per-tag settings: the Dockerfile to build, the HTTPS crypto backend
        # passed as a build argument, and a display name for the build step.
        include:
          - tag: kbs
            docker_file: kbs/docker/Dockerfile
            https_crypto: openssl
            name: build-in AS
          - tag: kbs-grpc-as
            docker_file: kbs/docker/coco-as-grpc/Dockerfile
            https_crypto: rustls
            name: gRPC AS
          - tag: kbs-ita-as
            docker_file: kbs/docker/intel-trust-authority/Dockerfile
            https_crypto: rustls
            name: Intel Trust Authority AS

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Authenticates to GHCR with the job-scoped GITHUB_TOKEN; no long-lived
      # registry credential is referenced.
      - name: Login to GHCR Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The ${{ ... }} expressions are substituted into the script text before
      # the shell runs. The values used here come from the static matrix above
      # and from github.sha; anything a contributor can influence should be
      # passed through `env:` instead of being interpolated.
      #
      # On s390x the crypto backend is forced to openssl regardless of the
      # matrix value. Each image is pushed under two tags: <commit>-<arch> and
      # the mutable latest-<arch>.
      - name: Build Container Image KBS (${{ matrix.name }})
        run: |
          commit_sha=${{ github.sha }}
          arch=$(uname -m)
          https_crypto=${{ matrix.https_crypto }}
          [ "${arch}" = "s390x" ] && https_crypto=openssl
          DOCKER_BUILDKIT=1 docker build -f "${{ matrix.docker_file }}" --push \
          -t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:${commit_sha}-${arch}" \
          -t "ghcr.io/confidential-containers/staged-images/${{ matrix.tag }}:latest-${arch}" \
          --build-arg ARCH="${arch}" --build-arg HTTPS_CRYPTO="${https_crypto}" .

  publish_multi_arch_image:
    # Starts only after the build matrix has finished.
    needs: build_and_push
    runs-on: ubuntu-latest

    # Same token scope as the build job: packages:write and nothing else.
    permissions:
      packages: write

    strategy:
      fail-fast: false
      matrix:
        # Only the images that were built for both x86_64 and s390x.
        image: [kbs, kbs-grpc-as]

    steps:
      - name: Login to GHCR Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Creates and pushes two manifest lists per image: one under the commit
      # SHA and one under `latest`. Each references the x86_64 and s390x images
      # pushed by build_and_push. `latest` is overwritten on every run, so the
      # commit-SHA tag is the one that identifies a specific build.
      - name: Publish Multi-Arch ${{ matrix.image }} image
        run: |
          commit_sha=${{ github.sha }}
          docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}" \
          --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}-x86_64" \
          --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}-s390x"
          docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:${commit_sha}"
          docker manifest create "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest" \
          --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-x86_64" \
          --amend "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest-s390x"
          docker manifest push "ghcr.io/confidential-containers/staged-images/${{ matrix.image }}:latest"