From 51dcdcd1f4bdc00aac0c40f52b803af861b02dc7 Mon Sep 17 00:00:00 2001 From: Carlos Panato <ctadeu@gmail.com> Date: Fri, 4 Feb 2022 14:41:56 +0100 Subject: [PATCH] update cosign and cross-build image for the release job Signed-off-by: Carlos Panato <ctadeu@gmail.com> --- .github/workflows/validate-release.yml | 4 ++-- .goreleaser.yml | 2 +- release/cloudbuild.yaml | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index 486e069ed4a..f27088f6602 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -39,8 +39,8 @@ jobs: statuses: none env: - CROSS_BUILDER_IMAGE: ghcr.io/gythialy/golang-cross:v1.17.6-2@sha256:c03303287982360025dda196af6006fc5d1870955115efa8990d7278d8bfb7e9 - COSIGN_IMAGE: gcr.io/projectsigstore/cosign:v1.4.1@sha256:502d5130431e45f28c51d2c24a05ef5ccd3fd916bcc91db0c8bee3a81e09a0bb + CROSS_BUILDER_IMAGE: ghcr.io/gythialy/golang-cross:v1.17.6-3@sha256:312ac8449408302e5fdde452578607cff075bc80052f4526254cd25fa96ce9e0 + COSIGN_IMAGE: gcr.io/projectsigstore/cosign:v1.5.1@sha256:6247b2e693b0e6a62dcfa75eb46b698c1f4cd1aca36aaefafd4bbb2f2b2af717 steps: - uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 #v2.4.0 diff --git a/.goreleaser.yml b/.goreleaser.yml index ef7680dbff7..0bdc1e95caa 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -246,7 +246,7 @@ release: owner: sigstore name: cosign footer: | - ### Thanks for all contributors! + ### Thanks to all contributors! extra_files: - glob: "./release/release-cosign.pub" diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml index 450e8b63331..2104c8419d4 100644 --- a/release/cloudbuild.yaml +++ b/release/cloudbuild.yaml @@ -32,17 +32,17 @@ steps: echo "Checking out ${_GIT_TAG}" git checkout ${_GIT_TAG} -- name: 'gcr.io/projectsigstore/cosign:v1.4.1@sha256:502d5130431e45f28c51d2c24a05ef5ccd3fd916bcc91db0c8bee3a81e09a0bb' +- name: 'gcr.io/projectsigstore/cosign:v1.5.1@sha256:6247b2e693b0e6a62dcfa75eb46b698c1f4cd1aca36aaefafd4bbb2f2b2af717' dir: "go/src/sigstore/cosign" env: - COSIGN_EXPERIMENTAL=true - TUF_ROOT=/tmp args: - 'verify' - - 'ghcr.io/gythialy/golang-cross:v1.17.6-2@sha256:c03303287982360025dda196af6006fc5d1870955115efa8990d7278d8bfb7e9' + - 'ghcr.io/gythialy/golang-cross:v1.17.6-3@sha256:312ac8449408302e5fdde452578607cff075bc80052f4526254cd25fa96ce9e0' # maybe we can build our own image and use that to be more in a safe side -- name: ghcr.io/gythialy/golang-cross:v1.17.6-2@sha256:c03303287982360025dda196af6006fc5d1870955115efa8990d7278d8bfb7e9 +- name: ghcr.io/gythialy/golang-cross:v1.17.6-3@sha256:312ac8449408302e5fdde452578607cff075bc80052f4526254cd25fa96ce9e0 entrypoint: /bin/sh dir: "go/src/sigstore/cosign" env: @@ -63,7 +63,7 @@ steps: - | make release -- name: ghcr.io/gythialy/golang-cross:v1.17.6-2@sha256:c03303287982360025dda196af6006fc5d1870955115efa8990d7278d8bfb7e9 +- name: ghcr.io/gythialy/golang-cross:v1.17.6-3@sha256:312ac8449408302e5fdde452578607cff075bc80052f4526254cd25fa96ce9e0 entrypoint: 'bash' dir: "go/src/sigstore/cosign" env: