Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

release: add cloudbuild to run the release for fulcio #322

Merged
merged 2 commits into from Jan 13, 2022
Merged

release: add cloudbuild to run the release for fulcio #322

merged 2 commits into from Jan 13, 2022

Conversation

cpanato
Copy link
Member

@cpanato cpanato commented Jan 12, 2022
edited

Summary

  • similar we do for rekor and cosing this PR adds the release makefile rules to build/release fulcio using GCP Cloudbuild and goreleaser

this also generate the multi arch binaries and images for linux and generate the SBOM using syft together with signing using cosign

Rehersal

$ crane manifest gcr.io/cpanato-general/fulcio:v99.99.99                                                                                                                                                                                                                                                                                                                                                                           [68/1418]
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1123,
         "digest": "sha256:773d8139aeff915a0d1c956ea17feab783d091f22e85a634e7054da167e1d479",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1123,
         "digest": "sha256:cf51df9754da648bcd5f38627fe789d44e6db24e39278c2b05b82a2d9db36ef7",
         "platform": {
            "architecture": "arm",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1123,
         "digest": "sha256:5beea4ad3b25febd8437188193c3f179911bc4b29d0866a89986682362df3fac",
         "platform": {
            "architecture": "arm64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1123,
         "digest": "sha256:21f8383e1eb071729dc9783992f7fea9e7643289b6fc85e9faa12f82db7d7686",
         "platform": {
            "architecture": "ppc64le",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 1123,
         "digest": "sha256:b16ee2f8728643f947b9ea43ea15f351c27eaabfdddcc1acd3c72132883c5e2b",
         "platform": {
            "architecture": "s390x",
            "os": "linux"
         }
      }
   ]
}
$ docker run gcr.io/cpanato-general/fulcio:v99.99.99 version
Unable to find image 'gcr.io/cpanato-general/fulcio:v99.99.99' locally
v99.99.99: Pulling from cpanato-general/fulcio
ab2f6dae3b54: Pull complete
9411f38bb959: Pull complete
250c06f7c38e: Pull complete
1eeafa7d35fd: Pull complete
Digest: sha256:37dddafe4ff2539b574670467f17a3754d96d37c7ac09c5a65bc693534cef22e
Status: Downloaded newer image for gcr.io/cpanato-general/fulcio:v99.99.99
GitVersion:    v99.99.99
GitCommit:     ef66c30284850132d7205bc88d832cb7a1606db8
GitTreeState:  clean
BuildDate:     '2022-01-12T13:01:38Z'
GoVersion:     go1.17.6
Compiler:      gc
Platform:      linux/amd64

Ticket Link

n/a

Release Note

release: add cloudbuild to run the release for fulcio

@cpanato
add cloudbuild to run the release for fulcio
c17f329 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@cpanato
Copy link
Member Author

cpanato commented Jan 12, 2022

@dlorenc we need to add the bot (@sigstore-bot) in this repo as we did for the others and create a GCP Bucket called fulcio-releases similar we have for cosign and rekor

@cpanato cpanato force-pushed the release branch 7 times, most recently from f96474d to e76c00c Compare January 12, 2022 14:07
@cpanato
fix tests
fe4e08b 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@bobcallaway
Copy link
Member

@dlorenc we need to add the bot (@sigstore-bot) in this repo as we did for the others and create a GCP Bucket called fulcio-releases similar we have for cosign and rekor

the GCP bucket now exists with same permissions as cosign-releases

bobcallaway
bobcallaway approved these changes Jan 12, 2022
View reviewed changes
Copy link
Member

@bobcallaway bobcallaway left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

.github/workflows/validate-release.yml
Comment on lines +42 to +45
- uses: actions/checkout@v2.4.0
- name: Extract version of Go to use
run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | sed -r 's/^.*://g'| uniq)" >> $GITHUB_ENV
- uses: actions/setup-go@v2
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

depending on what merges first this may break
#323

@dlorenc dlorenc merged commit 6f40e90 into sigstore:main Jan 13, 2022
@cpanato cpanato deleted the release branch January 13, 2022 10:51
@cpanato
Copy link
Member Author

cpanato commented Jan 13, 2022

@bobcallaway @dlorenc does the bot was added to the repo?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bobcallaway bobcallaway bobcallaway approved these changes

@dlorenc dlorenc Awaiting requested review from dlorenc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@cpanato @bobcallaway @dlorenc