chore: disable docker sbom and attestations (#2528)
Signed-off-by: Justin Marquis <[email protected]>

Signed-off-by: Justin Marquis <[email protected]>
Signed-off-by: zachaller <[email protected]>
34fathombelow authored and zachaller committed Feb 24, 2023
1 parent 2a3d4a3 commit 9fe9f79
Showing 2 changed files with 62 additions and 4 deletions.
58 changes: 56 additions & 2 deletions .github/workflows/docker-publish.yml
Expand Up @@ -79,16 +79,70 @@ jobs:
echo "::set-output name=platform-matrix::$PLATFORM_MATRIX"
- name: Build and push (controller-image)
uses: docker/build-push-action@v3
uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0
with:
platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.controller-meta.outputs.tags }}
provenance: false
sbom: false

- name: Build and push (plugin-image)
uses: docker/build-push-action@v3
uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0
with:
target: kubectl-argo-rollouts
platforms: ${{ steps.platform-matrix.outputs.platform-matrix }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.plugin-meta.outputs.tags }}
provenance: false
sbom: false

- name: Install cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.1'

- name: Install crane to get digest of image
uses: imjasonh/[email protected]

- name: Get digest of controller-image
run: |
if [[ "${{ github.ref == 'refs/heads/master' }}" ]]
then
echo "CONTROLLER_DIGEST=$(crane digest quay.io/argoproj/argo-rollouts:latest)" >> $GITHUB_ENV
fi
if [[ "${{ github.ref != 'refs/heads/master' }}" ]]
then
echo "CONTROLLER_DIGEST=$(crane digest ${{ steps.controller-meta.outputs.tags }})" >> $GITHUB_ENV
fi
if: github.event_name != 'pull_request'

- name: Get digest of plugin-image
run: |
if [[ "${{ github.ref == 'refs/heads/master' }}" ]]
then
echo "PLUGIN_DIGEST=$(crane digest quay.io/argoproj/kubectl-argo-rollouts:latest)" >> $GITHUB_ENV
fi
if [[ "${{ github.ref != 'refs/heads/master' }}" ]]
then
echo "PLUGIN_DIGEST=$(crane digest ${{ steps.plugin-meta.outputs.tags }})" >> $GITHUB_ENV
fi
if: github.event_name != 'pull_request'

- name: Sign Argo Rollouts Images
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argo-rollouts@${{ env.CONTROLLER_DIGEST }}
cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/kubectl-argo-rollouts@${{ env.PLUGIN_DIGEST }}
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ github.event_name == 'push' }}

- name: Display the public key to share.
run: |
# Displays the public key to share
cosign public-key --key env://COSIGN_PRIVATE_KEY
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ github.event_name == 'push' }}
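Review bot: In both "Get digest" steps the test `[[ "${{ github.ref == 'refs/heads/master' }}" ]]` only checks that the rendered string is non-empty, and the expression renders as `true` or `false`, so both branches run on every ref and the second `crane digest` result is appended to `$GITHUB_ENV` after the first; the value that reaches the signing step is then presumably the later one. Compare the ref in the shell instead, e.g. `if [[ "${{ github.ref }}" == "refs/heads/master" ]]; then … else … fi`. Resolving the digest from a mutable tag after the push also leaves a window in which the tag can move, so giving each build step an `id` and signing `${{ steps.<build-step-id>.outputs.digest }}` would bind the signature to the image this job built and make the crane steps unnecessary. Separately, `sigstore/cosign-installer@main` is a moving branch ref in a job that later receives `COSIGN_PRIVATE_KEY`, while the same commit pins `docker/build-push-action` to a full commit SHA; pin it the same way, `uses: sigstore/cosign-installer@<full-commit-sha> # <release-tag>`.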
8 changes: 6 additions & 2 deletions .github/workflows/release.yaml
Expand Up @@ -76,21 +76,25 @@ jobs:
password: ${{ secrets.QUAY_ROBOT_TOKEN }}

- name: Build and push (controller-image)
uses: docker/build-push-action@v2
uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.controller-meta.outputs.tags }}
provenance: false
sbom: false

- name: Build and push (plugin-image)
uses: docker/build-push-action@v2
uses: docker/build-push-action@37abcedcc1da61a57767b7588cb9d03eb57e28b3 # v3.3.0
with:
context: .
target: kubectl-argo-rollouts
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.plugin-meta.outputs.tags }}
provenance: false
sbom: false


release-artifacts:
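Review bot: The `provenance: false` / `sbom: false` pairs on both build steps here (and on the two build steps in docker-publish.yml) carry no comment saying why attestations are switched off, so a later cleanup could drop them or a reader could take them for an oversight. A line above each pair such as `# attestations disabled on purpose, see #2528; revisit once registry and consumers handle attestation manifests` would record the intent; the reason itself is not shown on this page, so the wording after "see #2528" needs confirming by the author. With both off, the pushed release images carry no build provenance or SBOM, so downstream verification depends entirely on whatever signing the rest of this workflow does, which lies outside the hunk. The `release-artifacts` job continues past the end of the hunk.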