up
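--- a/.gitea/workflows/attestation-bundle.yml
+++ b/.gitea/workflows/attestation-bundle.yml
@@ -0,0 +1,26 @@
+name: attestation-bundle
+on:
+workflow_dispatch:
+inputs:
+attest_dir:
+description: "Directory containing attestation artefacts"
+required: true
+default: "out/attest"
+
+jobs:
+bundle:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Build bundle
+run: |
+chmod +x scripts/attest/build-attestation-bundle.sh
+scripts/attest/build-attestation-bundle.sh "${{ github.event.inputs.attest_dir }}"
+
+- name: Upload bundle
+uses: actions/upload-artifact@v4
+with:
+name: attestation-bundle
+path: out/attest-bundles/**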
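Review bot: The `Build bundle` step expands `${{ github.event.inputs.attest_dir }}` into the script text before the shell parses it, so a value carrying a double quote or other shell metacharacters is interpreted as shell rather than passed as one argument. Hand the value over through the environment instead: give the step an `env:` entry `ATTEST_DIR: ${{ github.event.inputs.attest_dir }}` and call `scripts/attest/build-attestation-bundle.sh "$ATTEST_DIR"`. The same expansion appears in cli-build.yml (`Build CLI artifacts`) and in containers-multiarch.yml (`Run multi-arch build`, `Build air-gap bundle`, `Inspect remote image (if pushed)`), where the affected steps run alongside a signing key or a registry login, so the same `env:` indirection applies there. Since the bundle is attestation material, it would also help to pin `actions/checkout@v4` and `actions/upload-artifact@v4` to full commit SHAs.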
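--- a/.gitea/workflows/cli-build.yml
+++ b/.gitea/workflows/cli-build.yml
@@ -0,0 +1,45 @@
+name: cli-build
+on:
+workflow_dispatch:
+inputs:
+rids:
+description: "Comma-separated RIDs (e.g., linux-x64,win-x64,osx-arm64)"
+required: false
+default: "linux-x64,win-x64,osx-arm64"
+config:
+description: "Build configuration"
+required: false
+default: "Release"
+sign:
+description: "Enable cosign signing (requires COSIGN_KEY)"
+required: false
+default: "false"
+
+jobs:
+build:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Setup .NET
+uses: actions/setup-dotnet@v4
+with:
+dotnet-version: "10.0.100-rc.2.25502.107"
+
+- name: Install syft (SBOM)
+uses: anchore/sbom-action/download-syft@v0
+
+- name: Build CLI artifacts
+run: |
+chmod +x scripts/cli/build-cli.sh
+RIDS="${{ github.event.inputs.rids }}" CONFIG="${{ github.event.inputs.config }}" SBOM_TOOL=syft SIGN="${{ github.event.inputs.sign }}" COSIGN_KEY="${{ secrets.COSIGN_KEY }}" scripts/cli/build-cli.sh
+
+- name: List artifacts
+run: find out/cli -maxdepth 3 -type f -print
+
+- name: Upload CLI artifacts
+uses: actions/upload-artifact@v4
+with:
+name: stella-cli
+path: out/cli/**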
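Review bot: `COSIGN_KEY="${{ secrets.COSIGN_KEY }}"` in `Build CLI artifacts` pastes the key material into the generated script text, so a multi-line or quote-bearing key breaks the command line and the secret ends up in the step's script file rather than only in the process environment. Map it at step level instead, with an `env:` entry `COSIGN_KEY: ${{ secrets.COSIGN_KEY }}`, and drop the assignment from the `run:` line; `scripts/cli/build-cli.sh` then reads the same variable as before. The step above it, `anchore/sbom-action/download-syft@v0`, tracks a floating major tag in a job that later holds the signing key, so pinning it to a full commit SHA would keep a retagged action out of that job.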
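--- a/.gitea/workflows/containers-multiarch.yml
+++ b/.gitea/workflows/containers-multiarch.yml
@@ -0,0 +1,86 @@
+name: containers-multiarch
+on:
+workflow_dispatch:
+inputs:
+image:
+description: "Image tag (e.g., ghcr.io/stella-ops/example:edge)"
+required: true
+context:
+description: "Build context directory"
+required: true
+default: "."
+platforms:
+description: "Platforms (comma-separated)"
+required: false
+default: "linux/amd64,linux/arm64"
+push:
+description: "Push to registry"
+required: false
+default: "false"
+
+jobs:
+build-multiarch:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+
+- name: Set up QEMU
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+with:
+install: true
+
+- name: Install syft (SBOM)
+uses: anchore/sbom-action/download-syft@v0
+
+- name: Login to ghcr (optional)
+if: ${{ github.event.inputs.push == 'true' && secrets.GHCR_TOKEN != '' }}
+uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GHCR_TOKEN }}
+
+- name: Run multi-arch build
+env:
+COSIGN_EXPERIMENTAL: "1"
+run: |
+chmod +x scripts/buildx/build-multiarch.sh
+extra=""
+if [[ "${{ github.event.inputs.push }}" == "true" ]]; then extra="--push"; fi
+scripts/buildx/build-multiarch.sh \
+"${{ github.event.inputs.image }}" \
+"${{ github.event.inputs.context }}" \
+--platform "${{ github.event.inputs.platforms }}" \
+--sbom syft ${extra}
+
+- name: Build air-gap bundle
+run: |
+chmod +x scripts/buildx/build-airgap-bundle.sh
+scripts/buildx/build-airgap-bundle.sh "${{ github.event.inputs.image }}"
+
+- name: Upload artifacts
+uses: actions/upload-artifact@v4
+with:
+name: buildx-${{ github.event.inputs.image }}
+path: out/buildx/**
+
+- name: Inspect built image archive
+run: |
+set -e
+ls -lh out/buildx/
+find out/buildx -name "image.oci" -print -exec sh -c 'tar -tf "$1" | head' _ {} \;
+
+- name: Upload air-gap bundle
+uses: actions/upload-artifact@v4
+with:
+name: bundle-${{ github.event.inputs.image }}
+path: out/bundles/**
+
+- name: Inspect remote image (if pushed)
+if: ${{ github.event.inputs.push == 'true' }}
+run: |
+docker buildx imagetools inspect "${{ github.event.inputs.image }}"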
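Review bot: Both upload steps build the artifact name from the raw image reference (`name: buildx-${{ github.event.inputs.image }}` and `name: bundle-${{ github.event.inputs.image }}`), and the workflow's own example `ghcr.io/stella-ops/example:edge` contains `/` and `:`, which `actions/upload-artifact@v4` rejects in artifact names, so the uploads would fail for any realistic input. A name that does not depend on the input, for example `name: buildx-${{ github.run_id }}` and `name: bundle-${{ github.run_id }}`, avoids that. Separately, the login step's `if:` reads `secrets.GHCR_TOKEN`; on GitHub Actions the `secrets` context is not available in step-level `if:` conditions, and it is worth confirming how the Gitea runner evaluates it, since a silently skipped login with `push` set to `true` only surfaces later as a push failure.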