mirror of
https://github.com/kairos-io/provider-k3s.git
synced 2025-10-21 13:38:38 +00:00
fixed cosign on publish
This commit is contained in:
9
.github/workflows/publish.yaml
vendored
9
.github/workflows/publish.yaml
vendored
@@ -20,12 +20,19 @@ jobs:
|
||||
- v1.23.9+k3s1
|
||||
- v1.22.11+k3s2
|
||||
- v1.21.14+k3s1
|
||||
env:
|
||||
REGISTRY: quay.io
|
||||
REGISTRY_USER: ${{ secrets.QUAY_USERNAME }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.QUAY_PASSWORD }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: docker-practice/actions-setup-docker@master
|
||||
- uses: earthly/actions-setup@v1
|
||||
with:
|
||||
version: "latest"
|
||||
- run: echo ${{ secrets.QUAY_PASSWORD }} | docker login -u ${{ secrets.QUAY_USERNAME }} --password-stdin quay.io
|
||||
- run: echo $REGISTRY_PASSWORD | docker login -u $REGISTRY_USER --password-stdin $REGISTRY
|
||||
- run: env | grep ACTIONS_ID_TOKEN_REQUEST > .env
|
||||
- run: env | grep REGISTRY >> .env
|
||||
- run: earthly --ci --push +docker --K3S_VERSION=${{ matrix.k3s-version }} --BASE_IMAGE=${{ matrix.base-image }}
|
||||
- run: earthly --ci +cosign --K3S_VERSION=${{ matrix.k3s-version }} --BASE_IMAGE=${{ matrix.base-image }}
|
||||
|
||||
|
39
Earthfile
39
Earthfile
@@ -8,6 +8,11 @@ ARG LUET_VERSION=0.32.4
|
||||
ARG GOLINT_VERSION=v1.46.2
|
||||
ARG GOLANG_VERSION=1.18
|
||||
|
||||
ARG K3S_VERSION=latest
|
||||
ARG BASE_IMAGE_NAME=$(echo $BASE_IMAGE | grep -o [^/]*: | rev | cut -c2- | rev)
|
||||
ARG BASE_IMAGE_TAG=$(echo $BASE_IMAGE | grep -o :.* | cut -c2-)
|
||||
ARG K3S_VERSION_TAG=$(echo $K3S_VERSION | sed s/+/-/)
|
||||
|
||||
build-cosign:
|
||||
FROM gcr.io/projectsigstore/cosign:v1.9.0
|
||||
SAVE ARTIFACT /ko-app/cosign cosign
|
||||
@@ -54,11 +59,6 @@ lint:
|
||||
RUN golangci-lint run
|
||||
|
||||
docker:
|
||||
ARG K3S_VERSION=latest
|
||||
ARG BASE_IMAGE_NAME=$(echo $BASE_IMAGE | grep -o [^/]*: | rev | cut -c2- | rev)
|
||||
ARG BASE_IMAGE_TAG=$(echo $BASE_IMAGE | grep -o :.* | cut -c2-)
|
||||
ARG K3S_VERSION_TAG=$(echo $K3S_VERSION | sed s/+/-/)
|
||||
|
||||
DO +VERSION
|
||||
ARG VERSION=$(cat VERSION)
|
||||
|
||||
@@ -89,15 +89,30 @@ docker:
|
||||
SAVE IMAGE --push $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}_${VERSION}
|
||||
|
||||
cosign:
|
||||
ARG GITHUB_TOKEN
|
||||
ARG --required ACTIONS_ID_TOKEN_REQUEST_TOKEN
|
||||
ARG --required ACTIONS_ID_TOKEN_REQUEST_URL
|
||||
|
||||
FROM alpine
|
||||
ARG --required REGISTRY
|
||||
ARG --required REGISTRY_USER
|
||||
ARG --required REGISTRY_PASSWORD
|
||||
|
||||
DO +VERSION
|
||||
ARG VERSION=$(cat VERSION)
|
||||
|
||||
FROM docker
|
||||
|
||||
ENV ACTIONS_ID_TOKEN_REQUEST_TOKEN=${ACTIONS_ID_TOKEN_REQUEST_TOKEN}
|
||||
ENV ACTIONS_ID_TOKEN_REQUEST_URL=${ACTIONS_ID_TOKEN_REQUEST_URL}
|
||||
|
||||
ENV REGISTRY=${REGISTRY}
|
||||
ENV REGISTRY_USER=${REGISTRY_USER}
|
||||
ENV REGISTRY_PASSWORD=${REGISTRY_PASSWORD}
|
||||
|
||||
ENV COSIGN_EXPERIMENTAL=1
|
||||
COPY +build-cosign/cosign /usr/local/bin/
|
||||
|
||||
ENV GITHUB_TOKEN=${GITHUB_TOKEN}
|
||||
ENV COSIGN_EXPERIMENTAL=true
|
||||
RUN echo $REGISTRY_PASSWORD | docker login -u $REGISTRY_USER --password-stdin $REGISTRY
|
||||
|
||||
RUN cosign sign +docker/$IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}
|
||||
RUN cosign sign +docker/$IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}
|
||||
RUN cosign sign +docker/$IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}_${VERSION}
|
||||
RUN cosign sign $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}
|
||||
RUN cosign sign $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}
|
||||
RUN cosign sign $IMAGE_REPOSITORY/${BASE_IMAGE_NAME}-k3s:${BASE_IMAGE_TAG}_${K3S_VERSION_TAG}_${VERSION}
|
||||
|
Reference in New Issue
Block a user