From 20222063bda6051c9b4e0a9be903e5b939f0a1bc Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 7 Dec 2023 09:28:49 -0700 Subject: [PATCH 1/3] update builder images to use go1.21.5 Signed-off-by: cpanato --- .github/workflows/validate-release.yml | 8 ++++---- release/cloudbuild.yaml | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index 041c60e6c99..27760646f19 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -26,14 +26,14 @@ jobs: check-signature: runs-on: ubuntu-latest container: - image: gcr.io/projectsigstore/cosign:v2.2.0@sha256:280b47054876d415f66a279e666e35157cae6881f3538599710290c70bb75369 + image: gcr.io/projectsigstore/cosign:v2.2.2@sha256:4c42b1122d79bef6e333c33510a4228d5c4e69875f28288e5a6bef3e299561f8 steps: - name: Check Signature run: | - cosign verify ghcr.io/gythialy/golang-cross:v1.21.4-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 \ + cosign verify ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ - --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.4-0" + --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.5-0" env: TUF_ROOT: /tmp @@ -43,7 +43,7 @@ jobs: - check-signature container: - image: ghcr.io/gythialy/golang-cross:v1.21.4-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 + image: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 permissions: {} diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml index 22f3ffcae67..21af6ced1c9 100644 --- a/release/cloudbuild.yaml +++ b/release/cloudbuild.yaml @@ -32,20 +32,20 @@ steps: echo "Checking out ${_GIT_TAG}" git checkout ${_GIT_TAG} - - name: 'gcr.io/projectsigstore/cosign:v2.2.0@sha256:280b47054876d415f66a279e666e35157cae6881f3538599710290c70bb75369' + - name: 'gcr.io/projectsigstore/cosign:v2.2.2@sha256:4c42b1122d79bef6e333c33510a4228d5c4e69875f28288e5a6bef3e299561f8' dir: "go/src/sigstore/cosign" env: - TUF_ROOT=/tmp args: - 'verify' - - 'ghcr.io/gythialy/golang-cross:v1.21.4-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366' + - 'ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366' - '--certificate-oidc-issuer' - "https://token.actions.githubusercontent.com" - '--certificate-identity' - - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.4-0" + - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.5-0" # maybe we can build our own image and use that to be more in a safe side - - name: ghcr.io/gythialy/golang-cross:v1.21.4-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 + - name: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 entrypoint: /bin/sh dir: "go/src/sigstore/cosign" env: @@ -68,7 +68,7 @@ steps: gcloud auth configure-docker \ && make release - - name: ghcr.io/gythialy/golang-cross:v1.21.4-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 + - name: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 entrypoint: 'bash' dir: "go/src/sigstore/cosign" env: From a5537389cab75e26326c2d4cb9c025afe6fcdf6d Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 7 Dec 2023 09:30:54 -0700 Subject: [PATCH 2/3] use dev tag that have a shell Signed-off-by: cpanato --- .github/workflows/validate-release.yml | 2 +- release/cloudbuild.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index 27760646f19..17566a15259 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -26,7 +26,7 @@ jobs: check-signature: runs-on: ubuntu-latest container: - image: gcr.io/projectsigstore/cosign:v2.2.2@sha256:4c42b1122d79bef6e333c33510a4228d5c4e69875f28288e5a6bef3e299561f8 + image: gcr.io/projectsigstore/cosign:v2.2.2-dev@sha256:1a49e2f6cf3580935863d9d8d46066db9aad3dbd673ca24cb83d143221c6e64b steps: - name: Check Signature diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml index 21af6ced1c9..0279b515d28 100644 --- a/release/cloudbuild.yaml +++ b/release/cloudbuild.yaml @@ -32,7 +32,7 @@ steps: echo "Checking out ${_GIT_TAG}" git checkout ${_GIT_TAG} - - name: 'gcr.io/projectsigstore/cosign:v2.2.2@sha256:4c42b1122d79bef6e333c33510a4228d5c4e69875f28288e5a6bef3e299561f8' + - name: 'gcr.io/projectsigstore/cosign:v2.2.2-dev@sha256:1a49e2f6cf3580935863d9d8d46066db9aad3dbd673ca24cb83d143221c6e64b' dir: "go/src/sigstore/cosign" env: - TUF_ROOT=/tmp From 3e2f84338279c7e9a49f1c2f37bf65120fa51520 Mon Sep 17 00:00:00 2001 From: cpanato Date: Thu, 7 Dec 2023 09:58:09 -0700 Subject: [PATCH 3/3] fix digest Signed-off-by: cpanato --- .github/workflows/validate-release.yml | 4 ++-- release/cloudbuild.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/validate-release.yml b/.github/workflows/validate-release.yml index 17566a15259..e30b9f054da 100644 --- a/.github/workflows/validate-release.yml +++ b/.github/workflows/validate-release.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Check Signature run: | - cosign verify ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 \ + cosign verify ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:1ae1126ad52bc4c0950ea67ea5c30623fd0d3bc0f1aac6ba99e3ba5d7ea5d5ac \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.5-0" env: @@ -43,7 +43,7 @@ jobs: - check-signature container: - image: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 + image: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:1ae1126ad52bc4c0950ea67ea5c30623fd0d3bc0f1aac6ba99e3ba5d7ea5d5ac permissions: {} diff --git a/release/cloudbuild.yaml b/release/cloudbuild.yaml index 0279b515d28..a2affe88e5c 100644 --- a/release/cloudbuild.yaml +++ b/release/cloudbuild.yaml @@ -38,14 +38,14 @@ steps: - TUF_ROOT=/tmp args: - 'verify' - - 'ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366' + - 'ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:1ae1126ad52bc4c0950ea67ea5c30623fd0d3bc0f1aac6ba99e3ba5d7ea5d5ac' - '--certificate-oidc-issuer' - "https://token.actions.githubusercontent.com" - '--certificate-identity' - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.5-0" # maybe we can build our own image and use that to be more in a safe side - - name: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 + - name: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:1ae1126ad52bc4c0950ea67ea5c30623fd0d3bc0f1aac6ba99e3ba5d7ea5d5ac entrypoint: /bin/sh dir: "go/src/sigstore/cosign" env: @@ -68,7 +68,7 @@ steps: gcloud auth configure-docker \ && make release - - name: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:d18679c199db258cac9876a80abf9aff69485cf8a324bf547521f3de4cf3a366 + - name: ghcr.io/gythialy/golang-cross:v1.21.5-0@sha256:1ae1126ad52bc4c0950ea67ea5c30623fd0d3bc0f1aac6ba99e3ba5d7ea5d5ac entrypoint: 'bash' dir: "go/src/sigstore/cosign" env: