kyverno/.github/workflows/image.yaml

name: image
on:
  push:
    branches:
      - 'main'

jobs:
  push-init-kyverno:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.16

      - name: Install Cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.2.1'

      - name: login to GitHub Container Registry
        run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        id: buildx
        with:
          install: true

      - name: docker images publish
        run: |
          make docker-publish-sigs
          make docker-publish-initContainer-dev

      - name: Sign image
        run: |
          export COSIGN_REPOSITORY=ghcr.io/kyverno/signatures
          KYVERNO_IMAGE_VERSION=$(git describe --match "[0-9].[0-9]-dev*")
          echo -n "${{ secrets.KYVERNO_COSIGN_PRIVATE_KEY_PASSWORD }}" | cosign sign -key <(echo -n "${{ secrets.KYVERNO_COSIGN_PRIVATE_KEY }}") ghcr.io/kyverno/kyvernopre:${KYVERNO_IMAGE_VERSION}

  push-kyverno:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.16

      - name: Install Cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.2.1'

      - name: login to GitHub Container Registry
        run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        id: buildx
        with:
          install: true

      - name: docker images publish
        run: |
          make docker-publish-kyverno-dev

      - name: Sign image
        run: |
          export COSIGN_REPOSITORY=ghcr.io/kyverno/signatures
          KYVERNO_IMAGE_VERSION=$(git describe --match "[0-9].[0-9]-dev*")
          echo -n "${{ secrets.KYVERNO_COSIGN_PRIVATE_KEY_PASSWORD }}" | cosign sign -key <(echo -n "${{ secrets.KYVERNO_COSIGN_PRIVATE_KEY }}") ghcr.io/kyverno/kyverno:${KYVERNO_IMAGE_VERSION}

  push-kyverno-cli:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Unshallow
        run: git fetch --prune --unshallow

      - name: Set up Go
        uses: actions/setup-go@v2
        with:
          go-version: 1.16

      - name: Install Cosign
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.2.1'

      - name: login to GitHub Container Registry
        run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
        id: buildx
        with:
          install: true

      - name: docker images publish
        run: |
          make docker-publish-cli-dev

      - name: Sign image
        run: |
          export COSIGN_REPOSITORY=ghcr.io/kyverno/signatures
          KYVERNO_IMAGE_VERSION=$(git describe --match "[0-9].[0-9]-dev*")
          echo -n "${{ secrets.KYVERNO_COSIGN_PRIVATE_KEY_PASSWORD }}" | cosign sign -key <(echo -n "${{ secrets.KYVERNO_COSIGN_PRIVATE_KEY }}") ghcr.io/kyverno/kyverno-cli:${KYVERNO_IMAGE_VERSION}