Skip to content

Commit

Permalink
remove 'ko deps' (#937)
Browse files Browse the repository at this point in the history
  • Loading branch information
@imjasonh
imjasonh authored Jan 18, 2023
1 parent 72e2752 commit 18d3a82
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 206 deletions.
14 changes: 1 addition & 13 deletions .github/workflows/kind-e2e.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,23 +59,11 @@ jobs:
run: |
set -o pipefail
IMAGE=$(ko build ./test)
SBOM=$(cosign download sbom ${IMAGE})
KO_DEPS=$(ko deps ${IMAGE})
echo '::group:: SBOM'
cosign download sbom $(ko build ./test)
echo "${SBOM}"
echo '::endgroup::'
echo '::group:: ko deps'
echo "${KO_DEPS}"
echo '::endgroup::'
if [ "${SBOM}" != "${KO_DEPS}" ] ; then
echo Wanted SBOM and 'ko deps' to match, got differences!
exit 1
fi
- name: Collect diagnostics and upload
if: ${{ failure() }}
uses: chainguard-dev/actions/kind-diag@84c993eaf02da1c325854fb272a4df9184bd80fc # main
38 changes: 6 additions & 32 deletions .github/workflows/sbom.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,27 +8,6 @@ env:
SPDX_TOOLS_VERSION: 1.1.0

jobs:
go-version-m:
name: Generate go version -m
runs-on: ubuntu-latest

env:
KO_DOCKER_REPO: localhost:1338

steps:
- uses: actions/setup-go@v3
with:
go-version: 1.18
check-latest: true
- uses: chainguard-dev/actions/setup-registry@main
- uses: actions/checkout@v3

- name: Generate
run: |
img=$(go run ./ build ./)
go run ./ deps $img --sbom=go.version-m > gomod.txt
cat gomod.txt
cyclonedx:
name: Validate CycloneDX SBOM
runs-on: ubuntu-latest
Expand All @@ -42,6 +21,7 @@ jobs:
go-version: 1.18
check-latest: true
- uses: chainguard-dev/actions/setup-registry@main
- uses: sigstore/[email protected]
- uses: actions/checkout@v3

- name: Install CycloneDX
Expand All @@ -51,8 +31,7 @@ jobs:
- name: Generate and Validate
run: |
img=$(go run ./ build ./)
go run ./ deps $img --sbom=cyclonedx > cyclonedx.json
cosign download sbom $(go run ./ build --sbom=cyclonedx) | tee cyclonedx.json
./cyclonedx-linux-x64 validate --input-file=cyclonedx.json --fail-on-errors
- uses: actions/upload-artifact@v3
Expand All @@ -74,6 +53,7 @@ jobs:
go-version: 1.18
check-latest: true
- uses: chainguard-dev/actions/setup-registry@main
- uses: sigstore/[email protected]
- uses: actions/checkout@v3

- name: Install SPDX Tools
Expand All @@ -83,9 +63,7 @@ jobs:
- name: Generate and Validate
run: |
img=$(go run ./ build ./)
go run ./ deps $img --sbom=spdx | tee spdx.json
cosign download sbom $(go run ./ build) | tee spdx.json
java -jar ./tools-java-${SPDX_TOOLS_VERSION}-jar-with-dependencies.jar Verify spdx.json
- uses: actions/upload-artifact@v3
Expand All @@ -107,21 +85,17 @@ jobs:
go-version: 1.18
check-latest: true
- uses: chainguard-dev/actions/setup-registry@main
- uses: sigstore/[email protected]
- uses: actions/checkout@v3

- name: Install SPDX Tools
run: |
wget https://github.com/spdx/tools-java/releases/download/v${SPDX_TOOLS_VERSION}/tools-java-${SPDX_TOOLS_VERSION}.zip
unzip tools-java-${SPDX_TOOLS_VERSION}.zip
- name: Install Cosign
uses: sigstore/[email protected]
with:
cosign-release: 'v1.7.2'

- name: Generate and Validate
run: |
img=$(go run ./ build --platform=linux/amd64,linux/arm64 ./)
img=$(go run ./ build --platform=linux/amd64,linux/arm64)
cosign download sbom $img | tee spdx-multi-arch.json
java -jar ./tools-java-${SPDX_TOOLS_VERSION}-jar-with-dependencies.jar Verify spdx-multi-arch.json
Expand Down
1 change: 0 additions & 1 deletion pkg/commands/commands.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@ func AddKubeCommands(topLevel *cobra.Command) {
addResolve(topLevel)
addBuild(topLevel)
addRun(topLevel)
addDeps(topLevel)
}

// check if kubectl is installed
Expand Down
160 changes: 0 additions & 160 deletions pkg/commands/deps.go
View file

This file was deleted.

0 comments on commit 18d3a82

Please sign in to comment.