create_aca_images workflow passes branch ref to dockerfiles (#729)

* Update ACA image workflow to pass ref to dockerfiles [no ci]

* Use GITHUB_REF_NAME instead [no ci]

* Change variable usage [no ci]

* Use build arg instead of env [no ci]
5B96790E3664F40075A67E6ADF737EDB15B4408DBC91A81228B31537B0CE3E26 2024-03-06 20:51:13 -05:00 committed by GitHub
parent 5445278723
commit 24d81b9da2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 13 additions and 5 deletions


@ -3,6 +3,9 @@ LABEL org.opencontainers.image.vendor NSA Laboratory for Advanced Cybersecurity
LABEL org.opencontainers.image.source https://github.com/nsacyber/hirs
LABEL org.opencontainers.image.description NSA\'s HIRS Attestation Certificate Authority. Expose port 8443 to access the portal from outside the container.
# REF can be specified as a docker run environment variable to select the HIRS branch to work with
ARG REF=main
SHELL ["/bin/bash", "-c"]
# Rocky 9 has a different channel for some apps
@ -50,7 +53,7 @@ RUN echo "#!/bin/bash" > /tmp/tpm_config && \
EXPOSE 8443
# Checkout HIRS
RUN git clone -b main https://github.com/nsacyber/HIRS.git /repo
RUN git clone -b ${REF} https://github.com/nsacyber/HIRS.git /repo
# Defensive copy of the repo so it's easy to start fresh if needed
RUN mkdir /hirs
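Review bot: The comment added above `ARG REF=main` calls REF a docker run environment variable, but an ARG exists only at build time and the clone runs during the build, so `docker run -e REF=...` cannot change which branch ends up in the image. I would reword it to `# REF is a build argument (docker build --build-arg REF=<branch>) selecting the HIRS branch cloned into the image`; the Windows Dockerfile carries the same comment. In the clone line bash expands the value unquoted, so `RUN git clone -b "${REF}" https://github.com/nsacyber/HIRS.git /repo` avoids word splitting and globbing on unusual ref names. Because a branch name is mutable, the image is not tied to the commit that triggered the build; also passing the commit SHA and checking it out after the clone would make the contents reproducible. The FROM line and the rest of the file lie outside these hunks.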


@ -9,6 +9,9 @@ LABEL org.opencontainers.image.source https://github.com/nsacyber/hirs
LABEL org.opencontainers.image.description NSA\'s HIRS Attestation Certificate Authority in a Windows-native image. Expose port 8443 to access the portal from outside the container.
LABEL org.opencontainers.image.base.name mcr.microsoft.com/powershell:${BASE_IMAGE_TAG}
# REF can be specified as a docker run environment variable to select the HIRS branch to work with
ARG REF=main
SHELL ["pwsh", "-Command"]
# Output Powershell Version
@ -105,11 +108,11 @@ RUN setx PATH '%JAVA_HOME%\bin;C:\Program Files\MariaDB 11.1\bin;%GIT_HOME%\bin;
# Echo PATH after update
RUN echo $Env:PATH
# Clone HIRS main
# Clone HIRS main (or REF)
WORKDIR C:/
RUN git config --global --add core.autocrlf false
RUN git config --global --add safe.directory '*'
RUN git clone -b main https://github.com/nsacyber/hirs.git C:/repo
RUN git clone -b ${REF} https://github.com/nsacyber/hirs.git C:/repo
# Defensive copy of the repo so it's easy to start fresh if needed
WORKDIR C:/repo
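Review bot: `RUN git clone -b ${REF} ...` runs under `SHELL ["pwsh", "-Command"]`, where `${REF}` names a PowerShell variable rather than the build argument, which Docker hands to RUN steps as an environment variable. As written, the branch argument is likely empty, so git would misread the remaining arguments or fail. The file already reads the environment with `$Env:PATH`, so the line should probably be `RUN git clone -b $Env:REF https://github.com/nsacyber/hirs.git C:/repo`. Confirm with a test build, since the hunk does not show how this step behaved in CI.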


@ -51,6 +51,7 @@ jobs:
echo "PUBLIC_IMAGE_TAG=$PUBLIC_IMAGE_NAME:$IMAGE_TAG_VAR" >> "$GITHUB_OUTPUT"
- name: Print env
run: |
echo GITHUB_REF_NAME=${{ github.ref_name }}
echo DOCKERFILE_ROCKY=$DOCKERFILE_ROCKY
echo DOCKERFILE_WINDOWS=$DOCKERFILE_WINDOWS
echo IMAGE_NAME_ROCKY=$IMAGE_NAME_ROCKY
@ -86,6 +87,7 @@ jobs:
with:
context: "{{defaultContext}}:.ci/docker"
file: Dockerfile.${{env.DOCKERFILE_ROCKY}}
build-args: REF=${{ github.ref_name }}
tags: ${{env.TAG}}
push: true
@ -108,7 +110,7 @@ jobs:
- name: Build the docker image for ${{ github.repository }}
run: |
cd ./.ci/docker
docker build -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} .
docker build --build-arg "REF=${{ github.ref_name }}" -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} .
- name: Push the docker image
run: |
@ -133,7 +135,7 @@ jobs:
- name: Build the docker image for ${{ github.repository }}
run: |
cd ./.ci/docker
docker build -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 .
docker build --build-arg "REF=${{ github.ref_name }}" -f ./Dockerfile.${{env.DOCKERFILE_WINDOWS}} -t ${{env.TAG}} --build-arg BASE_IMAGE_TAG=lts-windowsservercore-1809 .
- name: Push the docker image
run: |
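Review bot: `${{ github.ref_name }}` is pasted into the `run:` scripts of the Print env step and both Windows `docker build` steps before the shell parses them, so a branch or tag name containing shell metacharacters becomes part of the command line on the runner; the double quotes do not prevent command substitution. Read the value from the environment instead, for example `--build-arg "REF=$GITHUB_REF_NAME"` in bash or `--build-arg "REF=$Env:GITHUB_REF_NAME"` if these steps run under PowerShell (the shell is not visible here). The `build-args:` input of the Rocky step is not a shell context and is less exposed. On pull_request triggers ref_name has the form `<number>/merge`, which `git clone -b` cannot resolve; the workflow's triggers lie outside these hunks, so this may not apply.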