Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mirror signed release images from GCR to GHCR as part of release with Cloud Build. #441

Merged
merged 1 commit into from Mar 2, 2022
Merged

Mirror signed release images from GCR to GHCR as part of release with Cloud Build. #441

merged 1 commit into from Mar 2, 2022

Conversation

k4leung4
Copy link
Contributor

@k4leung4 k4leung4 commented Mar 1, 2022

Summary

Copy signed released image from GCR to GHCR using cosign cli copy command.
This will ensure the signature will be the same between the two registry.

@cpanato I had to plumb a new GITHUB_USER env var to allow docker auth to copy image from GCR to GHCR. Not sure if there is a better way or not. Please take a look.

Ticket Link

Fixes #421

Release Note

Signed release images will now be available in GitHub Container Registry

@k4leung4 k4leung4 requested a review from cpanato March 1, 2022 20:25
cpanato
cpanato approved these changes Mar 2, 2022
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will check if the sigstore bot has the token with the write/read the packages enable to be able to push the images to ghcr.io

release/README.md Outdated
@@ -86,6 +86,7 @@ One time setup in ./hack/github-oidc-setup.sh. This is to provide GitHub actions
- `_KEY_NAME` key name of your cosign key.
- `_KEY_VERSION` version of the key storaged in KMS. Default `1`.
- `_KEY_LOCATION` location in GCP where the key is storaged. Default `global`.
- `_GITHUB_USER` GitHub user to authenticate for pushing to GHCR.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: align with the other items

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed. thanks

@k4leung4
Add step in release to mirror signed image to ghcr
c7266fa 
Signed-off-by: Kenny Leung <kleung@chainguard.dev>
@k4leung4
Copy link
Contributor Author

k4leung4 commented Mar 2, 2022

thank you for checking.

@dlorenc dlorenc merged commit 0e7768f into sigstore:main Mar 2, 2022
@cpanato
Copy link
Member

cpanato commented Mar 3, 2022

and the bot have the correct permissions :)

@k4leung4 k4leung4 deleted the ghcr branch March 4, 2022 00:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Publish container images to Github container registry
3 participants
@k4leung4 @cpanato @dlorenc