opencred/cloudbuild.yaml at main · stateofca/opencred · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Copyright 2023 - 2026 California Department of Motor Vehicles
# Copyright 2023 - 2026 Digital Bazaar, Inc.
#
# SPDX-License-Identifier: BSD-3-Clause

steps:
  - name: "gcr.io/cloud-builders/docker"
    args:
      [
        "build",
        "--build-arg",
        "NODE_AUTH_TOKEN=${_NODE_AUTH_TOKEN}",
        "-t",
        "$TAG_NAME",
        ".",
      ]

  - name: "gcr.io/cloud-builders/docker"
    id: "Push Docker Image to Repository"
    args: ["push", "$TAG_NAME"]

  - name: "gcr.io/$PROJECT_ID/cloudbuild-attestor"
    id: "Attest Image (Binary Auth)"
    entrypoint: "sh"
    args:
      - -xe
      - -c
      - |-
        FQ_DIGEST=$(gcloud container images describe --format 'value(image_summary.fully_qualified_digest)' $TAG_NAME)
        /scripts/create_attestation.sh \
        -p "$PROJECT_ID" \
        -i "$${FQ_DIGEST}" \
        -a "$_VULNZ_ATTESTOR" \
        -v "$_VULNZ_KMS_KEY_VERSION" \
        -k "$_VULNZ_KMS_KEY" \
        -l "$_KMS_LOCATION" \
        -r "$_KMS_KEYRING" \