[launcher] Update image signature in test #415

Merged
merged 1 commit into from
Feb 22, 2024
4 changes: 2 additions & 2 deletions launcher/image/test/test_oda_with_signed_container.yaml
Expand Up @@ -5,9 +5,9 @@ substitutions:
'_VM_NAME_PREFIX': 'oda-signedcontainer'
'_ZONE': 'us-east1-b'
# If the workload image changes, the commit author should change the cosign signature as well to not break tests.
'_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256:999831a7b8f8afd323e2359f3c1192206be2aa1d4f3b19f0739eff5f01f83b9e'
'_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256:a7d9b216e16ad1fb2b1e8a35e3da58b21ee8dba84c3b4970567d7ec0234a4010'
jkl73 marked this conversation as resolved.
'_SIGNATURE_REPO': 'us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/oda'
'_EXPECTED_SIG': 'EQCIBIEAGtAqxzhMqq2jhs76KJZaD5VXvKV93yotPUtD7yDAiAFS4zFyiRicrhzeS1nmb9SpuAtDRSwv1lWaSWxWiwLTw=='
'_EXPECTED_SIG': 'MEUCIQCytUYBmuaWckWX6tNshHPELSyRLb41eRh6os3l4NCFMgIgUalPTILyb02Tqri9Ebtm56FkF+gcKbaVHkbpIJencOs='

steps:
- name: 'gcr.io/cloud-builders/gcloud'
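Review bot: The comment above `_WORKLOAD_IMAGE` tells the commit author to change the cosign signature when the image changes, but it does not say where the procedure lives or that `_EXPECTED_SIG` is the value to update. Since the digest and the base64 signature are both hand-copied literals that have to be changed together, suggest extending that comment to name `_EXPECTED_SIG` and to point at the regeneration steps in launcher/image/testworkloads/customtoken/happypath/Dockerfile, so a future digest bump does not leave a stale signature behind.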
21 changes: 21 additions & 0 deletions launcher/image/testworkloads/customtoken/happypath/Dockerfile
@@ -1,6 +1,27 @@
# If updated the workload source code or this Dockerfile, need to rebuild the image and regenerate the signature
# From current directory:
# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main .
# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath:latest
# # Record the image digest generated by this command
#
# Updating the container signature
#
# # Install cosign
# go install github.com/sigstore/cosign/v2/cmd/cosign@latest
#
# Designate the sig repo
# export COSIGN_REPOSITORY=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/oda
#
# # Since we don't verify the signature in the test, you can just generate your own key
# cosign generate-key-pair
# cosign public-key --key cosign.key > pub.pem
# PUB=$(cat pub.pem | openssl base64)
# PUB=$(echo $PUB | tr -d '[:space:]' | sed 's/[=]*$//')
# # Sign the container, <IMAGE_DIGEST> is from the gcloud builds submit command above
# cosign sign --key cosign.key us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256:<IMAGE_DIGEST> -a dev.cosignproject.cosign/sigalg=ECDSA_P256_SHA256 -a dev.cosignproject.cosign/pub=$PUB
#
# Once finished, refering to pr#415 to on how to update the signature and image

FROM alpine

COPY main /
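Review bot: The signing steps never change directory after the "From current directory" build steps, so `cosign generate-key-pair` and `cosign public-key --key cosign.key > pub.pem` leave `cosign.key`, `cosign.pub` and `pub.pem` next to the Dockerfile, where a later `gcloud builds submit` would upload them with the build source unless they are ignored, and where they are easy to commit by accident. Suggest telling the reader to generate the key pair in a temporary directory outside the repo, or adding these files to the ignore lists. Smaller points in the same comment block: `go install ...cosign@latest` is unpinned, so the documented flags may drift from what gets installed; `$PUB` is unquoted in `echo $PUB` and in `-a dev.cosignproject.cosign/pub=$PUB`; the "Designate the sig repo" line lacks the `# #` prefix the other step headings use; and the last line should read "Once finished, refer to PR #415 for how to update the signature and image".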