Skip to content

Commit

Permalink
fix indentation and cosign verify command (#2706)
Browse files Browse the repository at this point in the history 
Signed-off-by: cpanato <[email protected]>
  • Loading branch information
@cpanato
cpanato authored Feb 10, 2023
1 parent 01bd21d commit f708d39
Showing 1 changed file with 79 additions and 75 deletions.
154 changes: 79 additions & 75 deletions release/cloudbuild.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,98 +16,102 @@
timeout: 3600s

steps:
- name: gcr.io/cloud-builders/git
dir: "go/src/sigstore"
args:
- "clone"
- "https://github.com/${_TOOL_ORG}/${_TOOL_REPO}"
- name: gcr.io/cloud-builders/git
dir: "go/src/sigstore"
args:
- "clone"
- "https://github.com/${_TOOL_ORG}/${_TOOL_REPO}"

- name: gcr.io/cloud-builders/git
entrypoint: "bash"
dir: "go/src/sigstore/cosign"
args:
- '-c'
- |
git fetch
echo "Checking out ${_GIT_TAG}"
git checkout ${_GIT_TAG}
- name: gcr.io/cloud-builders/git
entrypoint: "bash"
dir: "go/src/sigstore/cosign"
args:
- '-c'
- |
git fetch
echo "Checking out ${_GIT_TAG}"
git checkout ${_GIT_TAG}
- name: 'gcr.io/projectsigstore/cosign:v2.0.0-rc.1@sha256:12d365ed4ee9bb32ba8a0fd16f6c5eae5229dc50e8d62460312cca0b5b7e0457'
dir: "go/src/sigstore/cosign"
env:
- TUF_ROOT=/tmp
args:
- 'verify'
- 'ghcr.io/gythialy/golang-cross:v1.20.0-0@sha256:d50b48a7cf2b90f70e35da6d7419b7b16ed29a10f3175a2c849ef2956d485aae'
- name: 'gcr.io/projectsigstore/cosign:v2.0.0-rc.1@sha256:12d365ed4ee9bb32ba8a0fd16f6c5eae5229dc50e8d62460312cca0b5b7e0457'
dir: "go/src/sigstore/cosign"
env:
- TUF_ROOT=/tmp
args:
- 'verify'
- 'ghcr.io/gythialy/golang-cross:v1.20.0-0@sha256:d50b48a7cf2b90f70e35da6d7419b7b16ed29a10f3175a2c849ef2956d485aae'
- '--certificate-oidc-issuer'
- "https://token.actions.githubusercontent.com"
- '--certificate-identity'
- "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.20.0-0"

# maybe we can build our own image and use that to be more in a safe side
- name: ghcr.io/gythialy/golang-cross:v1.20.0-0@sha256:d50b48a7cf2b90f70e35da6d7419b7b16ed29a10f3175a2c849ef2956d485aae
entrypoint: /bin/sh
dir: "go/src/sigstore/cosign"
env:
- "GOPATH=/workspace/go"
- "GOBIN=/workspace/bin"
- PROJECT_ID=${PROJECT_ID}
- KEY_LOCATION=${_KEY_LOCATION}
- KEY_RING=${_KEY_RING}
- KEY_NAME=${_KEY_NAME}
- KEY_VERSION=${_KEY_VERSION}
- GIT_TAG=${_GIT_TAG}
- GOOGLE_SERVICE_ACCOUNT_NAME=keyless@${PROJECT_ID}.iam.gserviceaccount.com
- COSIGN_YES=true
- KO_PREFIX=gcr.io/${PROJECT_ID}
secretEnv:
- GITHUB_TOKEN
args:
- '-c'
- |
gcloud auth configure-docker \
&& make release
# maybe we can build our own image and use that to be more in a safe side
- name: ghcr.io/gythialy/golang-cross:v1.20.0-0@sha256:d50b48a7cf2b90f70e35da6d7419b7b16ed29a10f3175a2c849ef2956d485aae
entrypoint: /bin/sh
dir: "go/src/sigstore/cosign"
env:
- "GOPATH=/workspace/go"
- "GOBIN=/workspace/bin"
- PROJECT_ID=${PROJECT_ID}
- KEY_LOCATION=${_KEY_LOCATION}
- KEY_RING=${_KEY_RING}
- KEY_NAME=${_KEY_NAME}
- KEY_VERSION=${_KEY_VERSION}
- GIT_TAG=${_GIT_TAG}
- GOOGLE_SERVICE_ACCOUNT_NAME=keyless@${PROJECT_ID}.iam.gserviceaccount.com
- COSIGN_YES=true
- KO_PREFIX=gcr.io/${PROJECT_ID}
secretEnv:
- GITHUB_TOKEN
args:
- '-c'
- |
gcloud auth configure-docker \
&& make release
- name: ghcr.io/gythialy/golang-cross:v1.20.0-0@sha256:d50b48a7cf2b90f70e35da6d7419b7b16ed29a10f3175a2c849ef2956d485aae
entrypoint: 'bash'
dir: "go/src/sigstore/cosign"
env:
- "GOPATH=/workspace/go"
- "GOBIN=/workspace/bin"
- PROJECT_ID=${PROJECT_ID}
- KEY_LOCATION=${_KEY_LOCATION}
- KEY_RING=${_KEY_RING}
- KEY_NAME=${_KEY_NAME}
- KEY_VERSION=${_KEY_VERSION}
- GIT_TAG=${_GIT_TAG}
- KO_PREFIX=gcr.io/${PROJECT_ID}
- COSIGN_YES=true
- GOOGLE_SERVICE_ACCOUNT_NAME=keyless@${PROJECT_ID}.iam.gserviceaccount.com
- GITHUB_USER=${_GITHUB_USER}
secretEnv:
- GITHUB_TOKEN
args:
- '-c'
- |
echo $$GITHUB_TOKEN | docker login ghcr.io -u $$GITHUB_USER --password-stdin \
&& make copy-signed-release-to-ghcr || true
- name: ghcr.io/gythialy/golang-cross:v1.20.0-0@sha256:d50b48a7cf2b90f70e35da6d7419b7b16ed29a10f3175a2c849ef2956d485aae
entrypoint: 'bash'
dir: "go/src/sigstore/cosign"
env:
- "GOPATH=/workspace/go"
- "GOBIN=/workspace/bin"
- PROJECT_ID=${PROJECT_ID}
- KEY_LOCATION=${_KEY_LOCATION}
- KEY_RING=${_KEY_RING}
- KEY_NAME=${_KEY_NAME}
- KEY_VERSION=${_KEY_VERSION}
- GIT_TAG=${_GIT_TAG}
- KO_PREFIX=gcr.io/${PROJECT_ID}
- COSIGN_YES=true
- GOOGLE_SERVICE_ACCOUNT_NAME=keyless@${PROJECT_ID}.iam.gserviceaccount.com
- GITHUB_USER=${_GITHUB_USER}
secretEnv:
- GITHUB_TOKEN
args:
- '-c'
- |
echo $$GITHUB_TOKEN | docker login ghcr.io -u $$GITHUB_USER --password-stdin \
&& make copy-signed-release-to-ghcr || true
availableSecrets:
secretManager:
- versionName: projects/${PROJECT_NUMBER}/secrets/GITHUB_TOKEN/versions/latest
env: GITHUB_TOKEN
- versionName: projects/${PROJECT_NUMBER}/secrets/GITHUB_TOKEN/versions/latest
env: GITHUB_TOKEN

artifacts:
objects:
location: 'gs://${_STORAGE_LOCATION}/${_GIT_TAG}'
paths:
- "go/src/sigstore/cosign/dist/*"
- "go/src/sigstore/cosign/release/release-cosign.pub"
- "go/src/sigstore/cosign/dist/*"
- "go/src/sigstore/cosign/release/release-cosign.pub"

options:
machineType: E2_HIGHCPU_32

tags:
- cosign-release
- ${_GIT_TAG}
- ${_TOOL_ORG}
- ${_TOOL_REPO}
- cosign-release
- ${_GIT_TAG}
- ${_TOOL_ORG}
- ${_TOOL_REPO}

substitutions:
_GIT_TAG: 'v1.23.45'
Expand Down

0 comments on commit f708d39

Please sign in to comment.