Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update cloud build script to latest for v1.13.x #3615

Merged
merged 13 commits into from
Mar 21, 2024
Merged

Update cloud build script to latest for v1.13.x #3615

merged 13 commits into from
Mar 21, 2024

Conversation

haydentherapper
Copy link
Contributor

Will use the latest Go binary and Cosign version

Summary

Release Note

Documentation

@haydentherapper
Update cloud build script to latest for v1.13.x
f74fd10 
Will use the latest Go binary and Cosign version

Signed-off-by: Hayden B <[email protected]>
@haydentherapper haydentherapper requested a review from cpanato March 21, 2024 17:35
@codecov Codecov
Copy link

codecov bot commented Mar 21, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 29.73%. Comparing base (566ab9d) to head (f16c253).

Additional details and impacted files 
@@              Coverage Diff              @@
##           release-1.13    #3615   +/-   ##
=============================================
  Coverage         29.73%   29.73%           
=============================================
  Files               137      137           
  Lines              8560     8560           
=============================================
  Hits               2545     2545           
  Misses             5685     5685           
  Partials            330      330

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@haydentherapper
Copy link
Contributor Author

The cloud build script fails because the version of Cosign we are verifying golang-cross with can't pull down the latest metadata. Furthermore, we need to bump golang-cross to the latest (or at least a version with v2 >= 2.2.0) since we use the Cosign version installed in that container to sign the releases.

haydentherapper
haydentherapper commented Mar 21, 2024
View reviewed changes
release/ko-sign-release-images.sh

cosign sign --force --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat cosignImagerefs)
cosign sign --force --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat sgetImagerefs)
cosign sign --yes --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat cosignImagerefs)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to update sign script too since force flag no longer exists

@haydentherapper
Update .goreleaser.yml
8402458 
Signed-off-by: Hayden B <[email protected]>
@haydentherapper
Update release.mk
4dfbc99 
Signed-off-by: Hayden B <[email protected]>
@haydentherapper
Update .ko.yaml
544b0ff 
Signed-off-by: Hayden B <[email protected]>
@haydentherapper
Update Makefile
f966da9 
Signed-off-by: Hayden B <[email protected]>
@haydentherapper
Copy link
Contributor Author

I think I've updated everything necessary. Let me know if this can be simplified though, because this is bumping a lot of the CI infrastructure.

I think we can now use the GHA to kick off the job, but if not, from the branch, we will need to run gcloud builds submit --no-source --async --config release/cloudbuild.yaml --substitutions _GIT_TAG=v1.13.3,_TOOL_ORG=sigstore,_TOOL_REPO=cosign,_STORAGE_LOCATION=cosign-releases,_KEY_RING=release-cosign,_KEY_NAME=cosign,_GITHUB_USER=sigstore-bot --project=projectsigstore

@haydentherapper
Copy link
Contributor Author

I think we're good now. I didn't remove sget entirely, because that's a lot of work, but this does remove sget as a released go artifact.

@cpanato cpanato merged commit eb4e699 into release-1.13 Mar 21, 2024
18 checks passed
@cpanato cpanato deleted the haydentherapper-patch-1 branch March 21, 2024 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

@bobcallaway bobcallaway Awaiting requested review from bobcallaway

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@haydentherapper @cpanato