updated to us cosign and policy controller

.drone.yml

@@ -1,28 +1,79 @@
 ---
 kind: pipeline
 type: docker
+name: setup
+steps:
+- name: create cluster
+  image: docker.io/kameshsampath/kube-dev-tools:0.1.5
+  commands:
+  - |
+     k3d cluster create $K3D_CLUSTER_NAME --network=$K3D_CLUSTER_NAME
+  volumes:
+  - name: docker-sock
+    path: /var/run/docker.sock
+volumes:
+  - name: docker-sock
+    host:
+      path: /var/run/docker.sock
+---
+kind: pipeline
+type: docker
 name: default
 
 steps:
   - name: test
-    image: golang:1.18
+    image: golang:1.19
     pull: if-not-exists
     commands:
       - go clean -testcache
       - go test ./... -v
 
   - name: build
-    image: goreleaser/goreleaser
+    image: kameshsampath/kube-dev-tools:0.1.5
     pull: if-not-exists
     commands:
-      - goreleaser build --snapshot --rm-dist
+      - ./bin/build.sh
+    volumes:
+    - name: docker-sock
+      path: /var/run/docker.sock
+volumes:
+  - name: docker-sock
+    host:
+      path: /var/run/docker.sock
+---
+kind: pipeline
+type: docker
+name: verify
 
-  - name: push
-    image: thegeeklab/drone-docker-buildx
-    privileged: true
+steps:
+  - name: verify signatures
+    image: kameshsampath/kube-dev-tools:0.1.5
     pull: if-not-exists
-    settings:
-      platforms:
-        - linux/amd64
-        - linux/arm64
-      context: dist
+    commands:
+     - ./bin/verify.sh
+    volumes:
+    - name: docker-sock
+      path: /var/run/docker.sock
+volumes:
+  - name: docker-sock
+    host:
+      path: /var/run/docker.sock
+---
+kind: pipeline
+type: docker
+name: delete-cluster
+steps:
+- name: delete
+  image: docker.io/kameshsampath/kube-dev-tools:0.1.5
+  commands:
+  - |
+     k3d cluster delete "$K3D_CLUSTER_NAME"
+     docker network rm  "$K3D_CLUSTER_NAME"
+     rm -f "$DRONE_WORKSPACE/cosign.pub" "$DRONE_WORKSPACE/image-refs.txt"
+  volumes:
+  - name: docker-sock
+    path: /var/run/docker.sock
+volumes:
+  - name: docker-sock
+    host:
+      path: /var/run/docker.sock

.env.example

@@ -1,3 +1,9 @@
-PLUGIN_REGISTRY=ttl.sh
-PLUGIN_REPO="${IMAGE_NAME}"
-PLUGIN_TAG="${IMAGE_TAG}"
+K3D_CLUSTER_NAME=sigstore-demos
+KO_DOCKER_REPO="REPLACE ME"
+IMAGE_REGISTRY="REPLACE_ME"
+IMAGE_REGISTRY_USERNAME="REPLACE ME"
+IMAGE_REGISTRY_PASSWORD="REPLACE ME"
+IMAGE_TAG=0.0.1
+COSIGN_PUBLIC_KEY=k8s://cosign-system/my-sign
+COSIGN_PRIVATE_KEY=k8s://cosign-system/my-sign
+COSIGN_PASSWORD="REPLACE ME"

.envrc

@@ -1 +1,4 @@
-layout python3
+export TUTORIAL_HOME="$PWD"
+export KUBECONFIG="$TUTORIAL_HOME/.kube/config"
+dotenv_if_exists
+source_env_if_exists .envrc.local

.gitignore

@@ -1,4 +1,6 @@
 dist
 .direnv
 .env*
-!.env.example
+!.env.example
+cosign*
+image-refs.txt

.harness/Build_Gitops_Greeter.yaml

@@ -0,0 +1,55 @@
+pipeline:
+  name: Build Gitops Greeter
+  identifier: Build_Gitops_Greeter
+  projectIdentifier: mydemos
+  orgIdentifier: default
+  stages:
+    - stage:
+        name: Build
+        identifier: Build
+        type: CI
+        spec:
+          cloneCodebase: true
+          execution:
+            steps:
+              - step:
+                  name: ko build and push
+                  identifier: ko_build_and_push
+                  template:
+                    templateRef: account.ko_build_and_push
+                    versionLabel: 0.0.1
+                    templateInputs:
+                      type: Run
+                      spec:
+                        connectorRef: <+input>
+                        envVariables:
+                          IMAGE_TAG: <+input>
+                          KO_DOCKER_REPO: <+input>
+                          IMAGE_REGISTRY: <+input>
+                          IMAGE_REGISTRY_USERNAME: <+input>
+                          IMAGE_REGISTRY_PASSWORD: <+input>
+          platform:
+            os: Linux
+            arch: Amd64
+          runtime:
+            type: Cloud
+            spec: {}
+        variables:
+          - name: image_registry_password
+            type: Secret
+            description: the container image registry password
+            value: account.Github_Access_Token
+          - name: image_registry_username
+            type: String
+            description: the container image registry user
+            value: kameshsampath
+          - name: image_registry
+            type: String
+            description: the container image registry e.g docker.io, qauy.io
+            value: ghcr.io
+  properties:
+    ci:
+      codebase:
+        connectorRef: account.Github
+        repoName: kameshsampath/gitops-greeter
+        build: <+input>

.harness/Default_GitHub.yaml

@@ -0,0 +1,34 @@
+inputSet:
+  identifier: "Default_GitHub"
+  name: "Default GitHub"
+  orgIdentifier: "default"
+  projectIdentifier: "mydemos"
+  pipeline:
+    identifier: "Build_Gitops_Greeter"
+    stages:
+    - stage:
+        identifier: "Build"
+        type: "CI"
+        spec:
+          execution:
+            steps:
+            - step:
+                identifier: "ko_build_and_push"
+                template:
+                  templateInputs:
+                    type: "Run"
+                    spec:
+                      connectorRef: "account.DockerHub"
+                      envVariables:
+                        IMAGE_TAG: "<+trigger.tag>"
+                        KO_DOCKER_REPO: "<+pipeline.stages.Build.variables.image_registry>/<+pipeline.stages.Build.variables.image_registry_username>/gitops-greeter"
+                        IMAGE_REGISTRY: "<+pipeline.stages.Build.variables.image_registry>"
+                        IMAGE_REGISTRY_USERNAME: "<+pipeline.stages.Build.variables.image_registry_username>"
+                        IMAGE_REGISTRY_PASSWORD: "<+pipeline.stages.Build.variables.image_registry_password>"
+    properties:
+      ci:
+        codebase:
+          build:
+            type: "branch"
+            spec:
+              branch: "<+trigger.branch>"

.harness/Default_GitHub_Dev_Builds.yaml

@@ -0,0 +1,34 @@
+inputSet:
+  identifier: "Default_GitHub_Dev_Build"
+  name: "Default GitHub Dev Build"
+  orgIdentifier: "default"
+  projectIdentifier: "mydemos"
+  pipeline:
+    identifier: "Build_Gitops_Greeter"
+    stages:
+    - stage:
+        identifier: "Build"
+        type: "CI"
+        spec:
+          execution:
+            steps:
+            - step:
+                identifier: "ko_build_and_push"
+                template:
+                  templateInputs:
+                    type: "Run"
+                    spec:
+                      connectorRef: "account.DockerHub"
+                      envVariables:
+                        IMAGE_TAG: "<+codebase.shortCommitSha>"
+                        KO_DOCKER_REPO: "<+pipeline.stages.Build.variables.image_registry>/<+pipeline.stages.Build.variables.image_registry_username>/gitops-greeter"
+                        IMAGE_REGISTRY: "<+pipeline.stages.Build.variables.image_registry>"
+                        IMAGE_REGISTRY_USERNAME: "<+pipeline.stages.Build.variables.image_registry_username>"
+                        IMAGE_REGISTRY_PASSWORD: "<+pipeline.stages.Build.variables.image_registry_password>"
+    properties:
+      ci:
+        codebase:
+          build:
+            type: "branch"
+            spec:
+              branch: "<+trigger.branch>"