kairos/provider-k3s
1
0
Fork 0
mirror of https://github.com/kairos-io/provider-k3s.git synced 2025-10-21 13:38:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed cosign on publish

Browse Source
This commit is contained in:
Jacob Payne
2022-08-10 08:30:16 -07:00
parent 509d4e5c9e
commit 53f1bfc534
2 changed files with 36 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/publish.yaml vendored
View File

@@ -20,12 +20,19 @@ jobs:
- v1.23.9+k3s1 - v1.23.9+k3s1
- v1.22.11+k3s2 - v1.22.11+k3s2
- v1.21.14+k3s1 - v1.21.14+k3s1
env:
REGISTRY: quay.io
REGISTRY_USER: ${{ secrets.QUAY_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: docker-practice/actions-setup-docker@master - uses: docker-practice/actions-setup-docker@master
- uses: earthly/actions-setup@v1 - uses: earthly/actions-setup@v1
with: with:
version: "latest" version: "latest"
- run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io - run: echo $REGISTRY_PASSWORD | docker login -u $REGISTRY_USER --password-stdin $REGISTRY
- run: env | grep ACTIONS_ID_TOKEN_REQUEST > .env
- run: env | grep REGISTRY >> .env
- run: earthly --ci --push +docker --K3S_VERSION=${{ matrix.k3s-version }} --BASE_IMAGE=${{ matrix.base-image }} - run: earthly --ci --push +docker --K3S_VERSION=${{ matrix.k3s-version }} --BASE_IMAGE=${{ matrix.base-image }}
- run: earthly --ci +cosign --K3S_VERSION=${{ matrix.k3s-version }} --BASE_IMAGE=${{ matrix.base-image }} - run: earthly --ci +cosign --K3S_VERSION=${{ matrix.k3s-version }} --BASE_IMAGE=${{ matrix.base-image }}

39
Earthfile
View File

@@ -8,6 +8,11 @@ ARG LUET_VERSION=0.32.4
ARG GOLINT_VERSION=v1.46.2 ARG GOLINT_VERSION=v1.46.2
ARG GOLANG_VERSION=1.18 ARG GOLANG_VERSION=1.18
ARG K3S_VERSION=latest
ARG BASE_IMAGE_NAME=$(echo $BASE_IMAGE | grep -o [^/]*: | rev | cut -c2- | rev)
ARG BASE_IMAGE_TAG=$(echo $BASE_IMAGE | grep -o :.* | cut -c2-)
ARG K3S_VERSION_TAG=$(echo $K3S_VERSION | sed s/+/-/)
build-cosign: build-cosign:
FROM gcr.io/projectsigstore/cosign:v1.9.0 FROM gcr.io/projectsigstore/cosign:v1.9.0
SAVE ARTIFACT /ko-app/cosign cosign SAVE ARTIFACT /ko-app/cosign cosign
@@ -54,11 +59,6 @@ lint:
RUN golangci-lint run RUN golangci-lint run
docker: docker:
ARG K3S_VERSION=latest
ARG BASE_IMAGE_NAME=$(echo $BASE_IMAGE | grep -o [^/]*: | rev | cut -c2- | rev)
ARG BASE_IMAGE_TAG=$(echo $BASE_IMAGE | grep -o :.* | cut -c2-)
ARG K3S_VERSION_TAG=$(echo $K3S_VERSION | sed s/+/-/)
DO +VERSION DO +VERSION
ARG VERSION=$(cat VERSION) ARG VERSION=$(cat VERSION)
@@ -89,15 +89,30 @@ docker:
SAVE IMAGE --push $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}_${VERSION} SAVE IMAGE --push $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}_${VERSION}
cosign: cosign:
ARG GITHUB_TOKEN ARG --required ACTIONS_ID_TOKEN_REQUEST_TOKEN
ARG --required ACTIONS_ID_TOKEN_REQUEST_URL
FROM alpine ARG --required REGISTRY
ARG --required REGISTRY_USER
ARG --required REGISTRY_PASSWORD
DO +VERSION
ARG VERSION=$(cat VERSION)
FROM docker
ENV ACTIONS_ID_TOKEN_REQUEST_TOKEN=${ACTIONS_ID_TOKEN_REQUEST_TOKEN}
ENV ACTIONS_ID_TOKEN_REQUEST_URL=${ACTIONS_ID_TOKEN_REQUEST_URL}
ENV REGISTRY=${REGISTRY}
ENV REGISTRY_USER=${REGISTRY_USER}
ENV REGISTRY_PASSWORD=${REGISTRY_PASSWORD}
ENV COSIGN_EXPERIMENTAL=1
COPY +build-cosign/cosign /usr/local/bin/ COPY +build-cosign/cosign /usr/local/bin/
ENV GITHUB_TOKEN=${GITHUB_TOKEN} RUN echo $REGISTRY_PASSWORD | docker login -u $REGISTRY_USER --password-stdin $REGISTRY
ENV COSIGN_EXPERIMENTAL=true
RUN cosign sign +docker/$IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG} RUN cosign sign $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}
RUN cosign sign +docker/$IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG} RUN cosign sign $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}
RUN cosign sign +docker/$IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}_${VERSION} RUN cosign sign $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}_${VERSION}