chore(build): Adding container signing support

Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
rjshrjndrn 2023-01-03 12:17:48 +01:00
parent b4181fb9a9
commit 361010448a
8 changed files with 34 additions and 7 deletions


@ -50,6 +50,9 @@ function build_api(){
docker tag ${DOCKER_REPO:-'local'}/chalice:${image_tag} ${DOCKER_REPO:-'local'}/chalice:${tag}latest
docker push ${DOCKER_REPO:-'local'}/chalice:${tag}latest
}
[[ $SIGN_IMAGE -eq 1 ]] && {
cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/chalice:${image_tag}
}
echo "api docker build completed"
}
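Review bot: The added `cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/chalice:${image_tag}` signs by tag, so cosign resolves the tag in the registry at signing time and the signature is not tied to the image this run built; if the tag was not pushed (the push condition sits above the hunk) or is re-pushed in between, a different image gets signed. Sign the digest instead, for example `ref=$(docker inspect --format '{{index .RepoDigests 0}}' "${DOCKER_REPO:-local}/chalice:${image_tag}")` followed by `cosign sign --key "$SIGN_KEY" "$ref"`, and run the block only after a successful push. `$SIGN_KEY` should be quoted in any case. The same three lines are added in the other build scripts on this page (the `$image`, `crons`, `frontend`, `peers`, `${image_name}` and `assist` hunks), so the point applies there too; `build_api` starts outside this hunk.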


@ -27,6 +27,9 @@ function build_service() {
[[ $PUSH_IMAGE -eq 1 ]] && {
docker push ${DOCKER_REPO:-'local'}/$image:${image_tag}
}
[[ $SIGN_IMAGE -eq 1 ]] && {
cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/$image:${image_tag}
}
echo "Build completed for $image"
return
}


@ -36,6 +36,9 @@ function build_crons(){
docker tag ${DOCKER_REPO:-'local'}/crons:${git_sha1} ${DOCKER_REPO:-'local'}/crons:${tag}latest
docker push ${DOCKER_REPO:-'local'}/crons:${tag}latest
}
[[ $SIGN_IMAGE -eq 1 ]] && {
cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/crons:${image_tag}
}
echo "completed crons build"
}
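Review bot: The signing line references `crons:${image_tag}` while the tagging line just above it uses `crons:${git_sha1}`, so the signed reference may not be the one that was built and pushed. The definition of `image_tag` is not visible in this hunk; if it is unset or differs from `git_sha1`, cosign either fails on an invalid reference or signs a tag this run did not produce. Use the same variable as the build and push, e.g. `cosign sign --key "$SIGN_KEY" "${DOCKER_REPO:-local}/crons:${git_sha1}"`, or confirm that `image_tag` is assigned earlier in `build_crons`.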


@ -26,7 +26,10 @@ function build(){
[[ $PUSH_IMAGE -eq 1 ]] && {
docker push ${DOCKER_REPO:-'local'}/frontend:${image_tag}
}
echo "frotend build completed"
[[ $SIGN_IMAGE -eq 1 ]] && {
cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/frontend:${image_tag}
}
echo "frontend build completed"
}
check_prereq


@ -35,6 +35,9 @@ function build_api(){
docker tag ${DOCKER_REPO:-'local'}/peers:${image_tag} ${DOCKER_REPO:-'local'}/peers:latest
docker push ${DOCKER_REPO:-'local'}/peers:latest
}
[[ $SIGN_IMAGE -eq 1 ]] && {
cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/peers:${image_tag}
}
echo "peer docker build complted"
}


@ -8,6 +8,12 @@ set -e
# Removing local alpine:latest image
docker rmi alpine || true
# Signing image
# cosign sign --key awskms:///alias/openreplay-container-sign image_url:tag
export SIGN_IMAGE=1
export PUSH_IMAGE=1
export SIGN_KEY="awskms:///alias/openreplay-container-sign"
echo $DOCKER_REPO
[[ -z DOCKER_REPO ]] && {
echo Set DOCKER_REPO="your docker registry"
@ -15,15 +21,15 @@ echo $DOCKER_REPO
} || {
docker login $DOCKER_REPO
cd ../../backend
PUSH_IMAGE=1 bash build.sh $@
bash build.sh $@
cd ../utilities
PUSH_IMAGE=1 bash build.sh $@
bash build.sh $@
cd ../peers
PUSH_IMAGE=1 bash build.sh $@
bash build.sh $@
cd ../frontend
PUSH_IMAGE=1 bash build.sh $@
bash build.sh $@
cd ../sourcemap-reader
PUSH_IMAGE=1 bash build.sh $@
bash build.sh $@
cd ../api
PUSH_IMAGE=1 bash build.sh $@
bash build.sh $@
}
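Review bot: The three `export` lines overwrite whatever the caller set, so this script can no longer run without pushing and signing, and the KMS key alias cannot be swapped for a fork or a test registry; `export SIGN_KEY="${SIGN_KEY:-awskms:///alias/openreplay-container-sign}"` (and the same `:-` form for `SIGN_IMAGE` and `PUSH_IMAGE`) keeps the default while allowing an override. The guard on the context line `[[ -z DOCKER_REPO ]]` tests a literal string and never fires, so with an unset registry the child scripts fall back to `local/...` and now also try to sign that reference; `[[ -z "$DOCKER_REPO" ]]` is what was meant. A `command -v cosign >/dev/null` check before the first build would fail early instead of after images have already been pushed unsigned.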


@ -46,6 +46,9 @@ function build_api(){
docker tag ${DOCKER_REPO:-'local'}/${image_name}:${image_tag} ${DOCKER_REPO:-'local'}/${image_name}:${tag}latest
docker push ${DOCKER_REPO:-'local'}/${image_name}:${tag}latest
}
[[ $SIGN_IMAGE -eq 1 ]] && {
cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/$image_name:${image_tag}
}
echo "${image_name} docker build completed"
}


@ -36,6 +36,9 @@ function build_api(){
docker tag ${DOCKER_REPO:-'local'}/assist:${image_tag} ${DOCKER_REPO:-'local'}/assist:latest
docker push ${DOCKER_REPO:-'local'}/assist:latest
}
[[ $SIGN_IMAGE -eq 1 ]] && {
cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/assist:${image_tag}
}
echo "build completed for assist"
}