Skip to content
kwctl build

Merge pull request #914 from kubewarden/dependabot/cargo/k8s-openapi-… #127

Sign in to view logs

Merge pull request #914 from kubewarden/dependabot/cargo/k8s-openapi-…

Merge pull request #914 from kubewarden/dependabot/cargo/k8s-openapi-… #127

Workflow file for this run

.github/workflows/build.yml at 1a6e2c0
name: kwctl build
on:
workflow_call:
push:
branches:
- "main"
- "feat-**"
env:
CARGO_TERM_COLOR: always
jobs:
build-linux-binaries:
name: Build linux binaries
runs-on: ubuntu-latest
strategy:
matrix:
targetarch:
- aarch64
- x86_64
permissions:
packages: write
id-token: write
steps:
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- name: checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: setup rust toolchain
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: stable
target: ${{matrix.targetarch}}-unknown-linux-musl
override: true
- uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
use-cross: true
command: build
args: --release --target ${{matrix.targetarch}}-unknown-linux-musl
- name: Sign kwctl
run: |
mv target/${{ matrix.targetarch }}-unknown-linux-musl/release/kwctl kwctl-linux-${{ matrix.targetarch }}
cosign sign-blob --yes kwctl-linux-${{ matrix.targetarch }} --output-certificate kwctl-linux-${{ matrix.targetarch}}.pem --output-signature kwctl-linux-${{ matrix.targetarch }}.sig
- run: zip -j9 kwctl-linux-${{ matrix.targetarch }}.zip kwctl-linux-${{ matrix.targetarch }} kwctl-linux-${{ matrix.targetarch }}.sig kwctl-linux-${{ matrix.targetarch }}.pem
- name: Upload binary
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: kwctl-linux-${{ matrix.targetarch }}
path: kwctl-linux-${{ matrix.targetarch }}.zip
- name: Install the syft command
uses: kubewarden/github-actions/syft-installer@3e642ece052ab0a1bf28f12884fdba9b7ed567e3 # v3.3.4
- name: Create SBOM file
shell: bash
run: |
syft \
--file kwctl-linux-${{ matrix.targetarch }}-sbom.spdx \
--output spdx-json \
--source-name kwctl-linux-${{ matrix.targetarch }} \
--source-version ${{ github.sha }} \
-vv \
dir:. # use dir default catalogers, which includes Cargo.toml
- name: Sign SBOM file
run: |
cosign sign-blob --yes \
--output-certificate kwctl-linux-${{ matrix.targetarch }}-sbom.spdx.cert \
--output-signature kwctl-linux-${{ matrix.targetarch }}-sbom.spdx.sig \
kwctl-linux-${{ matrix.targetarch }}-sbom.spdx
- name: Upload kwctl SBOM files
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: kwctl-linux-${{ matrix.targetarch }}-sbom
path: |
kwctl-linux-${{ matrix.targetarch }}-sbom.spdx
kwctl-linux-${{ matrix.targetarch }}-sbom.spdx.cert
kwctl-linux-${{ matrix.targetarch }}-sbom.spdx.sig
- name: Upload kwctl air gap scripts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
if: matrix.targetarch == 'x86_64' # only upload the scripts once
with:
name: kwctl-airgap-scripts
path: |
scripts/kubewarden-load-policies.sh
scripts/kubewarden-save-policies.sh
build-darwin-binaries:
name: Build darwin binary
strategy:
matrix:
targetarch: ["aarch64", "x86_64"]
runs-on: macos-latest
permissions:
id-token: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- name: Setup rust toolchain
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: stable
target: ${{ matrix.targetarch }}-apple-darwin
override: true
- run: rustup target add ${{ matrix.targetarch }}-apple-darwin
- name: Build kwctl
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: build
args: --target=${{ matrix.targetarch }}-apple-darwin --release
- run: mv target/${{ matrix.targetarch }}-apple-darwin/release/kwctl kwctl-darwin-${{ matrix.targetarch }}
- name: Smoke test build
if: matrix.targetarch == 'x86_64'
run: ./kwctl-darwin-x86_64 --help
- name: Sign kwctl
run: cosign sign-blob --yes kwctl-darwin-${{ matrix.targetarch }} --output-certificate kwctl-darwin-${{ matrix.targetarch }}.pem --output-signature kwctl-darwin-${{ matrix.targetarch }}.sig
- run: zip -j9 kwctl-darwin-${{ matrix.targetarch }}.zip kwctl-darwin-${{ matrix.targetarch }} kwctl-darwin-${{ matrix.targetarch }}.sig kwctl-darwin-${{ matrix.targetarch }}.pem
- name: Upload binary
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: kwctl-darwin-${{ matrix.targetarch }}
path: kwctl-darwin-${{ matrix.targetarch }}.zip
- name: Install the syft command
uses: kubewarden/github-actions/syft-installer@3e642ece052ab0a1bf28f12884fdba9b7ed567e3 # v3.3.4
with:
arch: darwin_amd64
- name: Create SBOM file
shell: bash
run: |
syft \
--file kwctl-darwin-${{ matrix.targetarch }}-sbom.spdx \
--output spdx-json \
--source-name kwctl-darwin-${{ matrix.targetarch }} \
--source-version ${{ github.sha }} \
-vv \
dir:. # use dir default catalogers, which includes Cargo.toml
- name: Sign SBOM file
run: |
cosign sign-blob --yes \
--output-certificate kwctl-darwin-${{ matrix.targetarch }}-sbom.spdx.cert \
--output-signature kwctl-darwin-${{ matrix.targetarch }}-sbom.spdx.sig \
kwctl-darwin-${{ matrix.targetarch }}-sbom.spdx
- name: Upload kwctl SBOM files
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: kwctl-darwin-${{ matrix.targetarch }}-sbom
path: |
kwctl-darwin-${{ matrix.targetarch }}-sbom.spdx
kwctl-darwin-${{ matrix.targetarch }}-sbom.spdx.cert
kwctl-darwin-${{ matrix.targetarch }}-sbom.spdx.sig
build-windows-x86_64:
name: Build windows (x86_64) binary
strategy:
matrix:
# workaround to have the same GH UI for all jobs
targetarch: ["x86_64"]
os: ["windows-latest"]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
- name: Setup rust toolchain
uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7
with:
toolchain: stable
- run: rustup target add x86_64-pc-windows-msvc
- name: enable git long paths on Windows
if: matrix.os == 'windows-latest'
run: git config --global core.longpaths true
- name: Build kwctl
uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3
with:
command: build
args: --target=x86_64-pc-windows-msvc --release
- run: mv target/x86_64-pc-windows-msvc/release/kwctl.exe kwctl-windows-x86_64.exe
- name: Smoke test build
run: .\kwctl-windows-x86_64.exe --help
- name: Sign kwctl
run: cosign sign-blob --yes kwctl-windows-x86_64.exe --output-certificate kwctl-windows-x86_64.pem --output-signature kwctl-windows-x86_64.sig
- run: |
"/c/Program Files/7-Zip/7z.exe" a kwctl-windows-x86_64.exe.zip kwctl-windows-x86_64.exe kwctl-windows-x86_64.sig kwctl-windows-x86_64.pem
shell: bash
- name: Upload binary
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: kwctl-windows-x86_64
path: kwctl-windows-x86_64.exe.zip
- name: Install the syft command
uses: kubewarden/github-actions/syft-installer@3e642ece052ab0a1bf28f12884fdba9b7ed567e3 # v3.3.4
with:
arch: windows_amd64
- name: Create SBOM file
shell: bash
run: |
syft \
--file kwctl-windows-x86_64-sbom.spdx \
--output spdx-json \
--source-name kwctl-windows-x86_64 \
--source-version ${{ github.sha }} \
-vv \
dir:. # use dir default catalogers, which includes Cargo.toml
- name: Sign SBOM file
shell: bash
run: |
cosign sign-blob --yes \
--output-certificate kwctl-windows-x86_64-sbom.spdx.cert \
--output-signature kwctl-windows-x86_64-sbom.spdx.sig \
kwctl-windows-x86_64-sbom.spdx
- name: Upload kwctl SBOM files
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: kwctl-windows-x86_64-sbom
path: |
kwctl-windows-x86_64-sbom.spdx
kwctl-windows-x86_64-sbom.spdx.cert
kwctl-windows-x86_64-sbom.spdx.sig