-
Notifications
You must be signed in to change notification settings - Fork 4
/
build-unified.nu
59 lines (40 loc) · 2.1 KB
/
build-unified.nu
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
#!/usr/bin/env nu
# generates modules-latest directory with only latest versions of modules and builds the Containerfile
print $"(ansi green_bold)Gathering images(ansi reset)"
rm -rf ./modules-latest
mkdir ./modules-latest
ls modules | each { |moduleDir|
# module is unversioned
if ($"($moduleDir.name)/($moduleDir.name | path basename).sh" | path exists) {
print $"(ansi cyan)Found(ansi reset) (ansi cyan_bold)unversioned(ansi reset) (ansi cyan)module:(ansi reset) ($moduleDir.name | path basename)"
cp --recursive ($moduleDir.name) $"./modules-latest/($moduleDir.name | path basename)"
} else { # module is versioned
print -n $"(ansi cyan)Found(ansi reset) (ansi blue_bold)versioned(ansi reset) (ansi cyan)module:(ansi reset) ($moduleDir.name | path basename), "
let latest = glob $"./($moduleDir.name)/v*" | last # the glob result is already orderer such that the last value is the biggest
print $"(ansi blue_bold)Latest version:(ansi reset) ($latest | path basename)"
cp --recursive ($latest) $"./modules-latest/($moduleDir.name | path basename)"
}
}
print $"(ansi green_bold)Starting image build(ansi reset)"
let tags = (
if ($env.GH_EVENT_NAME != "pull_request" and $env.GH_BRANCH == "main") {
["latest"]
} else if ($env.GH_EVENT_NAME != "pull_request") {
[$env.GH_BRANCH]
} else {
[$"pr-($env.GH_PR_NUMBER)"]
}
)
print $"(ansi green_bold)Generated tags for image:(ansi reset) ($tags | str join ' ')"
(docker build .
-f ./unified.Containerfile
...($tags | each { |tag| ["-t", $"($env.REGISTRY)/modules:($tag)"] } | flatten) # generate and spread list of tags
)
print $"(ansi cyan)Pushing image:(ansi reset) ($env.REGISTRY)/modules"
let digest = (
docker push --all-tags $"($env.REGISTRY)/modules"
| split row "\n" | last | split row " " | get 2 # parse push output to get digest for signing
)
print $"(ansi cyan)Signing image:(ansi reset) ($env.REGISTRY)/modules@($digest)"
cosign sign -y --key env://COSIGN_PRIVATE_KEY $"($env.REGISTRY)/modules@($digest)"
print $"(ansi green_bold)DONE!(ansi reset)"