# Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # gcloud builds submit --config=cloudbuild.yaml --project=project-name --substitutions=TAG="v0.65" steps: #publish latest cosign - name: 'gcr.io/cloud-builders/docker' id: build_cosign args: - 'build' - '-t' - '${_COSIGN_IMAGE_NAME}:latest' - '-f' - 'Dockerfile.cosign' - '.' - name: 'gcr.io/cloud-builders/docker' id: push_cosign args: ['push', '${_COSIGN_IMAGE_NAME}:latest'] #publish integrationcli - name: 'gcr.io/cloud-builders/docker' id: build_integrationcli args: - 'build' - '-t' - '${_IMAGE_NAME}:${TAG_NAME}' - '-f' - 'Dockerfile' - '.' - '--build-arg' - 'TAG=${TAG_NAME}' - '--build-arg' - 'COMMIT=$COMMIT_SHA' - name: 'gcr.io/cloud-builders/docker' id: push_integrationcli args: ['push', '${_IMAGE_NAME}:${TAG_NAME}'] - name: 'gcr.io/cloud-builders/docker' id: tag_latest_integrationcli args: ['tag', '${_IMAGE_NAME}:${TAG_NAME}', '${_IMAGE_NAME}:latest'] - name: 'gcr.io/cloud-builders/docker' id: push_latest_integrationcli args: ['push', '${_IMAGE_NAME}:latest'] #sign and attach integrationcli - name: 'us-docker.pkg.dev/${PROJECT_ID}/${_REPO}/cosign:latest' id: sign_integrationcli entrypoint: 'sh' secretEnv: ['COSIGN_PASSWORD', 'COSIGN_PRIVATE_KEY'] args: - -c - | echo "$$COSIGN_PRIVATE_KEY" > /tmp/cosign.key cosign sign --key=/tmp/cosign.key --output-signature=/tmp/integrationcli_${TAG_NAME}.sig --yes ${_IMAGE_NAME}:${TAG_NAME} cosign attach signature --signature=/tmp/integrationcli_${TAG_NAME}.sig ${_IMAGE_NAME}:${TAG_NAME} - name: "gcr.io/google.com/cloudsdktool/cloud-sdk" id: export_sbom entrypoint: gcloud args: - artifacts - sbom - export - --uri=${_IMAGE_NAME}:${TAG_NAME} - --project=${PROJECT_ID} availableSecrets: secretManager: - versionName: projects/$PROJECT_ID/secrets/integrationcli-cosign-password/versions/latest env: 'COSIGN_PASSWORD' - versionName: projects/$PROJECT_ID/secrets/integrationcli-cosign-private-key/versions/latest env: 'COSIGN_PRIVATE_KEY' images: - '${_IMAGE_NAME}:${TAG_NAME}' #repo name substitutions: _REPO: "images" _IMAGE_NAME: "us-docker.pkg.dev/${PROJECT_ID}/${_REPO}/integrationcli" _COSIGN_IMAGE_NAME: "us-docker.pkg.dev/${PROJECT_ID}/${_REPO}/cosign" options: machineType: E2_HIGHCPU_8 logging: CLOUD_LOGGING_ONLY substitution_option: ALLOW_LOOSE dynamic_substitutions: true requestedVerifyOption: VERIFIED