#!/bin/sh
# Stop at the first command that fails without being handled.
set -e

# Banner: report which image reference and version tag this run works on.
# Both values are read from the environment; nothing here validates them.
printf '%s\n' \
  "=== 🚀 Drone Publish Tool ===" \
  "Image: $IMAGE_FULL" \
  "Version: $VERSION_TAG"
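# --- 1️⃣ Sign the image ---
# Start from an empty digest so that a SIGN_DIGEST inherited from the
# environment can never be published as if this run had produced it.
SIGN_DIGEST=""
if [ -n "$COSIGN_KEY" ]; then
  echo "🔏 Signing image using Cosign..."

  # cosign needs an image reference; fail early with a clear message.
  : "${IMAGE_FULL:?IMAGE_FULL must be set to sign an image}"

  # Removes the on-disk copy of the private key. shred's overwrite is
  # best-effort only (it may not reach the old blocks on tmpfs, overlay or
  # copy-on-write filesystems), so the file is always unlinked as well.
  cleanup_cosign_key() {
    [ -n "${COSIGN_KEY_FILE:-}" ] || return 0
    shred -u "$COSIGN_KEY_FILE" 2>/dev/null || rm -f "$COSIGN_KEY_FILE"
    COSIGN_KEY_FILE=""
  }

  # The private key has to touch the disk for `cosign --key`. mktemp creates
  # the file with an unpredictable name; the traps guarantee it is removed
  # even when `set -e` aborts the script because signing failed.
  COSIGN_KEY_FILE=$(mktemp /tmp/cosign-key-XXXXXX)
  trap cleanup_cosign_key EXIT
  trap 'exit 1' INT TERM HUP
  chmod 600 "$COSIGN_KEY_FILE"
  # printf writes the key byte-for-byte; echo's backslash handling differs
  # between sh implementations.
  printf '%s\n' "$COSIGN_KEY" > "$COSIGN_KEY_FILE"

  # Pass an optional key password on to cosign (empty if none was given).
  export COSIGN_PASSWORD="${COSIGN_PASSWORD:-}"

  # Sign non-interactively (--yes skips the confirmation prompt).
  # NOTE(review): if IMAGE_FULL is a tag rather than a digest reference, the
  # signature covers whatever the tag resolves to at this moment - confirm the
  # pipeline signs the digest it has just pushed.
  cosign sign --yes --key "$COSIGN_KEY_FILE" "$IMAGE_FULL"

  # Extract the signed manifest digest (informational, used in the release
  # notes). The value is matched by key name, so it is found whether the JSON
  # is printed on one line or pretty-printed.
  # NOTE(review): verification runs against the private key file and stderr is
  # discarded, so a failing verify only shows up as an empty digest - confirm
  # this works with the cosign version in use.
  SIGN_DIGEST=$(cosign verify --key "$COSIGN_KEY_FILE" "$IMAGE_FULL" 2>/dev/null \
    | sed -n 's/.*"docker-manifest-digest"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' \
    | head -n1)

  # Keep only something shaped like "<algorithm>:<hex>"; anything else must
  # not end up in the release notes.
  case "$SIGN_DIGEST" in
    "" | *[!0-9a-z:]*) SIGN_DIGEST="" ;;
    *:*) ;;
    *) SIGN_DIGEST="" ;;
  esac
  if [ -z "$SIGN_DIGEST" ]; then
    echo "⚠️ Could not determine the signed manifest digest." >&2
  fi

  # Delete the key now and drop the traps again.
  cleanup_cosign_key
  trap - EXIT INT TERM HUP

  echo "✅ Image successfully signed."
else
  echo "⚠️ Skipping signing step (no COSIGN_KEY provided)"
fi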
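# --- 2️⃣ Create the Gitea release ---

# Prints $1 made safe for embedding inside a JSON string literal: control
# characters are dropped, backslashes and double quotes are escaped. Without
# this, a tag or image name containing a quote could break out of its field
# and alter the request body.
json_escape() {
  printf '%s' "$1" | tr -d '\000-\037' | sed 's/\\/\\\\/g; s/"/\\"/g'
}

if [ -n "$GITEA_TOKEN" ] && [ -n "$GITEA_REPO" ] && [ -n "$GITEA_URL" ]; then
  : "${VERSION_TAG:?VERSION_TAG must be set to create a release}"
  echo "🏷️ Creating Gitea release for $VERSION_TAG..."

  tag_json=$(json_escape "$VERSION_TAG")
  image_json=$(json_escape "$IMAGE_FULL")
  digest_json=$(json_escape "${SIGN_DIGEST:-}")

  # The literal "\n" sequences are JSON newline escapes, not shell newlines.
  RELEASE_BODY="Automatischer Release für $tag_json\n\nImage: $image_json"
  [ -n "$digest_json" ] && RELEASE_BODY="$RELEASE_BODY\n\nSignatur-Digest: $digest_json"

  payload=$(printf '{"tag_name":"%s","name":"Release %s","body":"%s","draft":false,"prerelease":false}' \
    "$tag_json" "$tag_json" "$RELEASE_BODY")

  # The token is fed to curl on stdin (-H @-, curl 7.55.0 or newer) so it does
  # not show up in the process list. --fail turns an HTTP error status into a
  # non-zero exit, so a rejected request is no longer reported as success.
  # NOTE(review): the token goes to whatever GITEA_URL points at - confirm it
  # is an https:// URL.
  if printf 'Authorization: token %s\n' "$GITEA_TOKEN" \
    | curl -sS --fail -X POST "$GITEA_URL/api/v1/repos/$GITEA_REPO/releases" \
      -H @- \
      -H "Content-Type: application/json" \
      -d "$payload"; then
    echo "✅ Gitea release created."
  else
    echo "❌ Gitea release creation failed." >&2
    exit 1
  fi
else
  echo "⚠️ Skipping Gitea release creation (missing vars)"
fi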
# Closing banner: reached only if no earlier step aborted the script.
printf '%s\n' '=== ✅ Done ==='