Merge pull request #167 from spiffe/fix-workflow5

kfox1111 · web-flow · commit 77385407fab2 · 2025-06-01T15:00:49.000-07:00
Fix workflow after merge
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,41 @@
+name: Build Containers
+
+on:
+  pull_request: {}
+
+env:
+  REGISTRY: ghcr.io
+  REPOSITORY: spiffe
+  COSIGN_EXPERIMENTAL: 1
+
+jobs:
+  build:
+    runs-on: ${{ matrix.archmap[matrix.arch] }}
+    strategy:
+      matrix:
+        app: [pilot, keeper, nexus]
+        arch: [linux/amd64, linux/arm64]
+        archmap: [{ "linux/amd64": "ubuntu-24.04", "linux/arm64": "ubuntu-24.04-arm" }]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v3.3.0
+
+      # Build and push images using the script
+      - name: Build and push images
+        run: |
+          # Extract version from release tag
+          VERSION="${{ github.sha }}"
+          
+          ./k8s/build-push-sign.sh ${{ matrix.app }} ${{ matrix.arch }} ${VERSION} ${{ env.REGISTRY }} ${{ env.REPOSITORY }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -52,6 +52,7 @@ jobs:
           # Extract version from release tag
           VERSION="${{ github.event.release.tag_name }}"
           VERSION=${VERSION#v}  # Remove 'v' prefix if present
+          export PUSH=true
           
           ./k8s/build-push-sign.sh ${{ matrix.app }} ${{ matrix.arch }} ${VERSION} ${{ env.REGISTRY }} ${{ env.REPOSITORY }}
 
diff --git a/k8s/build-push-sign.sh b/k8s/build-push-sign.sh
@@ -61,13 +61,15 @@ docker buildx build \
   --label "org.opencontainers.image.licenses=Apache-2.0" \
   --label "org.opencontainers.image.title=spike" \
   --label "org.opencontainers.image.description=SPIKE is a lightweight secrets store that uses SPIFFE as its identity control plane" \
-  "$TAG_ARGS" \
+  $TAG_ARGS \
   .
 
-# Push images
-echo "Pushing images"
-for tag in "${TAGS[@]}"; do
-  docker push "$tag"
-done
+if [ "x$PUSH" != "x" ]; then
+  # Push images
+  echo "Pushing images"
+  for tag in "${TAGS[@]}"; do
+    docker push "$tag"
+  done
+fi
 
 echo "Done!"
