diff --git a/.ci/jenkins/tools/ko.groovy b/.ci/jenkins/tools/ko.groovy
index 1d24be291..83be03f58 100644
--- a/.ci/jenkins/tools/ko.groovy
+++ b/.ci/jenkins/tools/ko.groovy
@@ -21,9 +21,9 @@ void install() {
 private def registrySecret(String registry) {
 String path
 switch (registry) {
- case "DockerHub": path = "keptn-jenkins/monaco/dockerhub-deploy"
- case "DT": path = "keptn-jenkins/monaco/registry-deploy"
- default: path = "keptn-jenkins/monaco/registry-deploy"
+ case "DockerHub": path = "keptn-jenkins/monaco/dockerhub-deploy"; break
+ case "DT": path = "keptn-jenkins/monaco/registry-deploy"; break
+ default: path = "keptn-jenkins/monaco/registry-deploy"; break
 }
 return [[path : "${path}",
@@ -37,7 +37,7 @@ private def registrySecret(String registry) {
 void loginToRegistry(Map args = [registry: null]) {
 withVault(vaultSecrets: registrySecret(args.registry)) {
- sh(label: "sign in to container registry",
+ sh(label: "sign in to ${args.registry} registry",
 script: 'ko login --username=$username --password=$password $registry')
 }
 }
diff --git a/.ci/releasePipeline.groovy b/.ci/releasePipeline.groovy
index 8e0db660d..af616d4dc 100644
--- a/.ci/releasePipeline.groovy
+++ b/.ci/releasePipeline.groovy
@@ -35,16 +35,7 @@ pipeline {
 stage("Build binaries") {
 def tasks = [:]
- tasks["Docker container"] = {
- stage("for testing") {
- releaseDockerContainer(ctx, "DT")
- }
- if (isRelease(ctx)) {
- stage ("for DockerHub") {
- releaseDockerContainer(ctx, "DockerHub")
- }
- }
- }
+ tasks["Docker container"] = { releaseDockerContainer(ctx) }
 //linux
 for (arch in ["amd64", "arm64", "386"]) {
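Review bot: The `default:` branch of the switch in registrySecret still resolves any unrecognised or null registry name to the `registry-deploy` Vault path, and loginToRegistry defaults `registry` to null, so a misspelt name such as "Dockerhub" silently fetches the DT deploy credentials instead of failing. That is the same class of credential mix-up the added `break`s correct, so the default should fail closed: `default: error("unknown registry: ${registry}")`. The "DT" case already covers the legitimate use of that path. registrySecret's body continues past the end of this hunk.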
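Review bot: The `script:` line under the relabelled `sh` step (unchanged by this commit) passes the Vault-supplied secret as `--password=$password`, which puts it on the ko command line where other processes on the build agent can read it, and the unquoted variables break on whitespace or glob characters. ko login supports `--password-stdin`, so `script: 'printf %s "$password" | ko login --username="$username" --password-stdin "$registry"'` keeps the secret off argv. The single-quoted Groovy string is worth keeping as is, since it leaves expansion to the shell rather than interpolating the secret into the script text. Note also that the new label renders as "sign in to null registry" when a caller relies on the default `registry: null`.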
@@ -189,23 +180,33 @@ void releaseBinary(Context ctx, Release release) {
 }
 }
-void releaseDockerContainer(Context ctx, String registry) {
- stage("Build Docker") {
- def ko = load(".ci/jenkins/tools/ko.groovy")
- ko.install()
+void releaseDockerContainer(Context ctx) {
+ createAndPublishContainer(ctx, "DT")
+
+ if (isRelease(ctx)) {
+ createAndPublishContainer(ctx, "DockerHub")
+
 def cosign = load(".ci/jenkins/tools/cosign.groovy")
- cosign.install("latest")
+ ctx.githubRelease.addToRelease(rawData: cosign.getPublicKey(), underName: "cosign.pub")
+ }
+}
- List tags = [ctx.version]
- if (isFinal(ctx)) {
- tags << "latest"
- ctx.githubRelease.addToRelease(rawData: cosign.getPublicKey(), underName: "cosign.pub")
- }
+void createAndPublishContainer(Context ctx, String registry) {
+ def ko = load(".ci/jenkins/tools/ko.groovy")
+ ko.install()
+ def cosign = load(".ci/jenkins/tools/cosign.groovy")
+ cosign.install("latest")
- ko.loginToRegistry(registry: registry)
- image = ko.buildContainer(tags: tags, registry: registry)
- cosign.sign(image)
+ List tags = [ctx.version]
+ if (isFinal(ctx)) {
+ tags << "latest"
 }
+
+ ko.loginToRegistry(registry: registry)
+ image = ko.buildContainer(tags: tags, registry: registry)
+ cosign.sign(image)
+
+ echo "Created docker image ${image}"
 }
 void signWinBinaries(Map args = [source: null, version: null, destDir: null, projectName: null]) {
diff --git a/Makefile b/Makefile
index 1caebc679..c3c6e8767 100644
--- a/Makefile
+++ b/Makefile
@@ -135,8 +135,3 @@ IMAGE_PATH ?= $(REPO_PATH)/$(CONTAINER_NAME)
 docker-container: install-ko
 @echo Building docker container...
 KO_DOCKER_REPO=$(IMAGE_PATH) VERSION=$(VERSION) ko build --bare --sbom=none --tags=$(TAGS) ./cmd/monaco
-
-sign-verify-image:
- @go install github.com/sigstore/cosign/v2/cmd/cosign@v2.2
- COSIGN_PASSWORD=$(COSIGN_PASSWORD) cosign sign --key env://cosign_key $(FULL_IMAGE_NAME) -y
- cosign verify --key env://cosign_pub $(FULL_IMAGE_NAME)
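Review bot: `cosign.install("latest")` in createAndPublishContainer leaves the signing tool unpinned, so each release signs with whatever cosign build is current that day, whereas the Makefile target deleted in this same commit pinned `cosign@v2.2` and ran `cosign verify` after signing. Pin the version here, e.g. `cosign.install("<pinned-version>")`. Also confirm that `cosign.sign(image)` in cosign.groovy (not visible in this diff) still verifies the signature, otherwise the verify step is lost. Separately, `image = ko.buildContainer(...)` has no `def`, so the variable lands in the script binding; if the `tasks` map is executed in parallel it is shared with sibling tasks, and `def image = ko.buildContainer(tags: tags, registry: registry)` keeps it local.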