Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor release cloudbuild job #1476

Merged
merged 1 commit into from
Feb 17, 2022
Merged

refactor release cloudbuild job #1476

merged 1 commit into from
Feb 17, 2022

Conversation

cpanato
Copy link
Member

@cpanato cpanato commented Feb 17, 2022

Summary

In the PR #1453 we added the YAML for cosigned, but that is not pushed to the GitHub release because it out of scope for Goreleaser and run outside

This PR joins the image generation using ko inside the Goreleaser job and runs as before hook and in the end, it pushed the YAML for cosigned to the release.

Rehersal: https://github.com/cpanato/cosign/releases/tag/v99.99.01

image:

$ cosign verify gcr.io/cpanato-general/cosign:v99.99.01

Verification for gcr.io/cpanato-general/cosign:v99.99.01 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - Any certificates were verified against the Fulcio roots.

[{"critical":{"identity":{"docker-reference":"gcr.io/cpanato-general/cosign"},"image":{"docker-manifest-digest":"sha256:12b564ea5e45881595f8e5a946a3e1bc08f57c2a9f507ed8e5ad1e8ed2a88a5a"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEUCIHkQ4FxKAozEDPBFZN8I8SAtcT8dNWn+YKdrrat0M2nhAiEAst2VTiuv7q7yOHNlzlodThLa9ba84Zx3jy9ZDWrIW4w=","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZWM4NGM5YTEwMTJiZjljOTkzZmI3YjhiOWUzNzZlODU1ZDMyZGQzMTBmOTg1OGFiMTk1OTY0M2MzNDQ4NzVjIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURBZXhNWGRaT3c1TUlaQ0NQN3VJZEFIMzg0MDlHUjhCL3NWZEtDR1p0cnFRSWhBT3B5RnNtWHhVL3ZsY1V4NFdBRWVYVkJyZG9IQXBzN0dyOEdkWG9kNjBnSCIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTlFSRU5EUVdOUFowRjNTVUpCWjBsVlFVMXlTRkIzYmxkc05sUkVVM1ZQTmpjeFlXWnRMMFk1YjI4NGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1MycEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWtWM1JIZFpSRlpSVVVSRmQyaDZZVmRrZW1SSE9YbGFWRUZsUm5jd2VRcE5ha0Y1VFZSamVFNUVTVE5OUkVaaFJuY3dlVTFxUVhsTlZHTjRUa1JOTTAxRVFtRk5RazE0UlZSQlVFSm5UbFpDUVc5VVEwaE9jRm96VGpCaU0wcHNDazFHYTNkRmQxbElTMjlhU1hwcU1FTkJVVmxKUzI5YVNYcHFNRVJCVVdORVVXZEJSV0ZqVURsUmFGRmhkM1JwYVZCdWJTOVlSM0ZTUVZjelNISlplSFlLY2toQ1dHMVNaa1J0WTJ0SWFVSndSSGQxZGpKSU4zUkZURk5PVWpZNVJGWk9VVmxOT0VRck5FdEtTazFGZUU5elQyMUlhemcwTVZwdmNVOUNNMVJEUWdveWFrRlBRbWRPVmtoUk9FSkJaamhGUWtGTlEwSTBRWGRGZDFsRVZsSXdiRUpCZDNkRFoxbEpTM2RaUWtKUlZVaEJkMDEzUkVGWlJGWlNNRlJCVVVndkNrSkJTWGRCUkVGa1FtZE9Wa2hSTkVWR1oxRlZUR0ZoVlVkWGJVbHdTbFZOWmxKYWFERm9jbGR0TDBGa01XVTRkMGgzV1VSV1VqQnFRa0puZDBadlFWVUtWMDFCWlZnMVJrWndWMkZ3WlhONVVXOWFUV2t3UTNKR2VHWnZkMDluV1VSV1VqQlNRa1JOZDAxWlJYWmhNbFkxWWtkV2VtTXdRbXBqUjBaMVdWaFNkZ3BNVjJSc1ltMVdlVmxYZDNWaFYwWjBURzFrZWxwWVNqSmhWMDVzV1ZkT2FtSXpWblZrUXpWcVlqSXdkMHRSV1V0TGQxbENRa0ZIUkhaNlFVSkJVVkZpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxQmIwZERRM0ZIVTAwME9VSkJUVVJCTW1OQlRVZFJRMDFJVnpFS1ZIVkhTR3B0Tm1OVVlVNHpXR2c1YkVjNWVrUXZSVEIxSzJWcmNVSm5aWGRhTWs5R01qWjRSRU5UWlVGQ2RrdDNlVWRzZEhreFRWTk5NRmRMTlZGSmR3cFBURVpTWm5CSGMzZDNRa1JRTjJKdmMyOVVWVXRMUm5GM0wxTjFaR041TWs4MlZISkthMmxzTlhBNWVFeFRiWFJXUkU5bVpXRmpWM2xFTm5OWFlVTldDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsifX19fQ==","integratedTime":1645108024,"logIndex":1431264,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}},"GIT_HASH":"67e94647d83ee2fe44fa1903388d3524c7b70d07","GIT_VERSION":"v99.99.01","Issuer":"https://accounts.google.com","Subject":"keyless@cpanato-general.iam.gserviceaccount.com"}}]

/assign @dlorenc @k4leung4

also if this is running as part of ci validate job it ignore the ko build

Ticket Link

n/a

Release Note

NONE

k4leung4
k4leung4 approved these changes Feb 17, 2022
View reviewed changes
Copy link
Contributor

@k4leung4 k4leung4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing the issue I introduced.

@cpanato
Copy link
Member Author

cpanato commented Feb 17, 2022

Thanks for fixing the issue I introduced.

you did not introduce any issue

🌮 🎉

@cpanato
refactor release cloudbuild job
14daaf4 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@dlorenc dlorenc merged commit dadc378 into sigstore:main Feb 17, 2022
@github-actions github-actions bot added this to the v1.6.0 milestone Feb 17, 2022
@cpanato cpanato deleted the update-release2 branch February 18, 2022 08:20
cpanato added a commit to cpanato/cosign that referenced this pull request Feb 18, 2022
@cpanato
refactor release cloudbuild job (sigstore#1476)
ec01fe4 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@cpanato cpanato mentioned this pull request Feb 18, 2022
Merged
cpanato added a commit to cpanato/cosign that referenced this pull request Feb 18, 2022
@cpanato
refactor release cloudbuild job (sigstore#1476)
054ac27 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
cpanato added a commit that referenced this pull request Feb 18, 2022
@cpanato @k4leung4 @znewman01
cherry picks to release-1.5 branch (#1482)
52164f2 
* update cross-build to use go 1.17.7 (#1446)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update cross-build to use go 1.17.7 (#1446)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* convert release cosigned to also generate yaml artifact. (#1453)

Signed-off-by: Kenny Leung <kleung@chainguard.dev>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Double goreleaser timeout (#1472)

Fixes (hopefully) #1471

Signed-off-by: Zachary Newman <z@znewman.net>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* increase timeout for goreleaser snapshot (#1473)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* refactor release cloudbuild job (#1476)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: Kenny Leung <k4leung4@gmail.com>
Co-authored-by: Zack Newman <z@znewman.net>
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this pull request May 6, 2022
@cpanato @mlieberman85
refactor release cloudbuild job (sigstore#1476)
02e2181 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k4leung4 k4leung4 k4leung4 approved these changes

@dlorenc dlorenc dlorenc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.6.0
Development

Successfully merging this pull request may close these issues.
3 participants
@cpanato @dlorenc @k4leung4