Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor release cloudbuild job #1476

Merged
merged 1 commit into from Feb 17, 2022
Merged

Conversation

cpanato
Copy link
Member

@cpanato cpanato commented Feb 17, 2022

Summary

In the PR #1453 we added the YAML for cosigned, but that is not pushed to the GitHub release because it out of scope for Goreleaser and run outside

This PR joins the image generation using ko inside the Goreleaser job and runs as before hook and in the end, it pushed the YAML for cosigned to the release.

Rehersal: https://github.com/cpanato/cosign/releases/tag/v99.99.01

image:

$ cosign verify gcr.io/cpanato-general/cosign:v99.99.01

Verification for gcr.io/cpanato-general/cosign:v99.99.01 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - Existence of the claims in the transparency log was verified offline
  - Any certificates were verified against the Fulcio roots.

[{"critical":{"identity":{"docker-reference":"gcr.io/cpanato-general/cosign"},"image":{"docker-manifest-digest":"sha256:12b564ea5e45881595f8e5a946a3e1bc08f57c2a9f507ed8e5ad1e8ed2a88a5a"},"type":"cosign container image signature"},"optional":{"Bundle":{"SignedEntryTimestamp":"MEUCIHkQ4FxKAozEDPBFZN8I8SAtcT8dNWn+YKdrrat0M2nhAiEAst2VTiuv7q7yOHNlzlodThLa9ba84Zx3jy9ZDWrIW4w=","Payload":{"body":"eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI1ZWM4NGM5YTEwMTJiZjljOTkzZmI3YjhiOWUzNzZlODU1ZDMyZGQzMTBmOTg1OGFiMTk1OTY0M2MzNDQ4NzVjIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURBZXhNWGRaT3c1TUlaQ0NQN3VJZEFIMzg0MDlHUjhCL3NWZEtDR1p0cnFRSWhBT3B5RnNtWHhVL3ZsY1V4NFdBRWVYVkJyZG9IQXBzN0dyOEdkWG9kNjBnSCIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTlFSRU5EUVdOUFowRjNTVUpCWjBsVlFVMXlTRkIzYmxkc05sUkVVM1ZQTmpjeFlXWnRMMFk1YjI4NGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1MycEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWtWM1JIZFpSRlpSVVVSRmQyaDZZVmRrZW1SSE9YbGFWRUZsUm5jd2VRcE5ha0Y1VFZSamVFNUVTVE5OUkVaaFJuY3dlVTFxUVhsTlZHTjRUa1JOTTAxRVFtRk5RazE0UlZSQlVFSm5UbFpDUVc5VVEwaE9jRm96VGpCaU0wcHNDazFHYTNkRmQxbElTMjlhU1hwcU1FTkJVVmxKUzI5YVNYcHFNRVJCVVdORVVXZEJSV0ZqVURsUmFGRmhkM1JwYVZCdWJTOVlSM0ZTUVZjelNISlplSFlLY2toQ1dHMVNaa1J0WTJ0SWFVSndSSGQxZGpKSU4zUkZURk5PVWpZNVJGWk9VVmxOT0VRck5FdEtTazFGZUU5elQyMUlhemcwTVZwdmNVOUNNMVJEUWdveWFrRlBRbWRPVmtoUk9FSkJaamhGUWtGTlEwSTBRWGRGZDFsRVZsSXdiRUpCZDNkRFoxbEpTM2RaUWtKUlZVaEJkMDEzUkVGWlJGWlNNRlJCVVVndkNrSkJTWGRCUkVGa1FtZE9Wa2hSTkVWR1oxRlZUR0ZoVlVkWGJVbHdTbFZOWmxKYWFERm9jbGR0TDBGa01XVTRkMGgzV1VSV1VqQnFRa0puZDBadlFWVUtWMDFCWlZnMVJrWndWMkZ3WlhONVVXOWFUV2t3UTNKR2VHWnZkMDluV1VSV1VqQlNRa1JOZDAxWlJYWmhNbFkxWWtkV2VtTXdRbXBqUjBaMVdWaFNkZ3BNVjJSc1ltMVdlVmxYZDNWaFYwWjBURzFrZWxwWVNqSmhWMDVzV1ZkT2FtSXpWblZrUXpWcVlqSXdkMHRSV1V0TGQxbENRa0ZIUkhaNlFVSkJVVkZpQ21GSVVqQmpTRTAyVEhrNWFGa3lUblprVnpVd1kzazFibUl5T1c1aVIxVjFXVEk1ZEUxQmIwZERRM0ZIVTAwME9VSkJUVVJCTW1OQlRVZFJRMDFJVnpFS1ZIVkhTR3B0Tm1OVVlVNHpXR2c1YkVjNWVrUXZSVEIxSzJWcmNVSm5aWGRhTWs5R01qWjRSRU5UWlVGQ2RrdDNlVWRzZEhreFRWTk5NRmRMTlZGSmR3cFBURVpTWm5CSGMzZDNRa1JRTjJKdmMyOVVWVXRMUm5GM0wxTjFaR041TWs4MlZISkthMmxzTlhBNWVFeFRiWFJXUkU5bVpXRmpWM2xFTm5OWFlVTldDaTB0TFMwdFJVNUVJRU5GVWxSSlJrbERRVlJGTFMwdExTMEsifX19fQ==","integratedTime":1645108024,"logIndex":1431264,"logID":"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"}},"GIT_HASH":"67e94647d83ee2fe44fa1903388d3524c7b70d07","GIT_VERSION":"v99.99.01","Issuer":"https://accounts.google.com","Subject":"keyless@cpanato-general.iam.gserviceaccount.com"}}]

/assign @dlorenc @k4leung4

also if this is running as part of ci validate job it ignore the ko build

Ticket Link

n/a

Release Note

NONE

Copy link
Contributor

@k4leung4 k4leung4 left a comment

Thanks for fixing the issue I introduced.

@cpanato
Copy link
Member Author

cpanato commented Feb 17, 2022

Thanks for fixing the issue I introduced.

you did not introduce any issue

🌮 🎉

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@dlorenc dlorenc merged commit dadc378 into sigstore:main Feb 17, 2022
21 checks passed
@github-actions github-actions bot added this to the v1.6.0 milestone Feb 17, 2022
@cpanato cpanato deleted the update-release2 branch Feb 18, 2022
cpanato added a commit to cpanato/cosign that referenced this issue Feb 18, 2022
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
cpanato added a commit to cpanato/cosign that referenced this issue Feb 18, 2022
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
cpanato added a commit that referenced this issue Feb 18, 2022
* update cross-build to use go 1.17.7 (#1446)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* update cross-build to use go 1.17.7 (#1446)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* convert release cosigned to also generate yaml artifact. (#1453)

Signed-off-by: Kenny Leung <kleung@chainguard.dev>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* Double goreleaser timeout (#1472)

Fixes (hopefully) #1471

Signed-off-by: Zachary Newman <z@znewman.net>
Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* increase timeout for goreleaser snapshot (#1473)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* refactor release cloudbuild job (#1476)

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Co-authored-by: Kenny Leung <k4leung4@gmail.com>
Co-authored-by: Zack Newman <z@znewman.net>
mlieberman85 pushed a commit to mlieberman85/cosign that referenced this issue May 6, 2022
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants