
Commit 1af7fef

chore: separate layer signing from layer publishing
1 parent 90170e3 commit 1af7fef

2 files changed

Lines changed: 14 additions & 8 deletions


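--- a/.gitlab/datasources/flavors.yaml
+++ b/.gitlab/datasources/flavors.yaml
@@ -3,6 +3,7 @@ flavors:
 arch: amd64
 alpine: 0
 fips: 0
+needs_layer_sign: true
 needs_layer_publish: true
 suffix: amd64
 layer_name_base_suffix: ""
@@ -13,6 +14,7 @@ flavors:
 arch: arm64
 alpine: 0
 fips: 0
+needs_layer_sign: true
 needs_layer_publish: true
 suffix: arm64
 layer_name_base_suffix: "-ARM"
@@ -23,20 +25,23 @@ flavors:
 arch: amd64
 alpine: 1
 fips: 0
+needs_layer_sign: false
 needs_layer_publish: false
 suffix: amd64-alpine
 
 - name: arm64, alpine
 arch: arm64
 alpine: 1
 fips: 0
+needs_layer_sign: false
 needs_layer_publish: false
 suffix: arm64-alpine
 
 - name: amd64, fips
 arch: amd64
 alpine: 0
 fips: 1
+needs_layer_sign: true
 needs_layer_publish: false
 suffix: amd64-fips
 max_layer_compressed_size_mb: 21
@@ -46,6 +51,7 @@ flavors:
 arch: arm64
 alpine: 0
 fips: 1
+needs_layer_sign: true
 needs_layer_publish: false
 suffix: arm64-fips
 max_layer_compressed_size_mb: 19
@@ -55,13 +61,15 @@ flavors:
 arch: amd64
 alpine: 1
 fips: 1
+needs_layer_sign: false
 needs_layer_publish: false
 suffix: amd64-fips-alpine
 
 - name: arm64, fips, alpine
 arch: arm64
 alpine: 1
 fips: 1
+needs_layer_sign: false
 needs_layer_publish: false
 suffix: arm64-fips-alpine
 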
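Review bot: Nothing in this data source records how `needs_layer_sign` and `needs_layer_publish` relate now that they are separate flags. Every entry visible in these hunks with `needs_layer_publish: true` also has `needs_layer_sign: true`, but the template opens the publish block with its own `{{ if $flavor.needs_layer_publish }}`, independent of the sign gate, so a later flavor with publish on and sign off would render publish jobs with no `sign layer` job. Whether those jobs would then fail or ship an unsigned layer depends on template lines outside this diff. If publishing is meant to require signing, I would add a comment above the flavor list such as `# needs_layer_publish: true requires needs_layer_sign: true` and have the template reject the other combination. The flavor entries begin outside each hunk.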
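--- a/.gitlab/templates/pipeline.yaml.tpl
+++ b/.gitlab/templates/pipeline.yaml.tpl
@@ -124,8 +124,7 @@ check layer size ({{ $flavor.name }}):
 
 {{ end }} # end max_layer_compressed_size_mb
 
-{{ if $flavor.needs_layer_publish }}
-
+{{ if $flavor.needs_layer_sign }}
 sign layer ({{ $flavor.name }}):
 stage: sign
 tags: ["arch:amd64"]
@@ -150,6 +149,9 @@ sign layer ({{ $flavor.name }}):
 {{ end }}
 script:
 - .gitlab/scripts/sign_layers.sh prod
+{{ end }} # end needs_layer_sign
+
+{{ if $flavor.needs_layer_publish }}
 
 {{ range $environment_name, $environment := (ds "environments").environments }}
 
@@ -300,15 +302,11 @@ layer bundle:
 tags: ["arch:amd64"]
 needs:
 {{ range (ds "flavors").flavors }}
-{{ if .needs_layer_publish }}
 - layer ({{ .name }})
-{{ end }} # end needs_layer_publish
 {{ end }} # end flavors
 dependencies:
 {{ range (ds "flavors").flavors }}
-{{ if .needs_layer_publish }}
 - layer ({{ .name }})
-{{ end }} # end needs_layer_publish
 {{ end }} # end flavors
 artifacts:
 expire_in: 1 hr
@@ -328,13 +326,13 @@ signed layer bundle:
 - if: '$CI_COMMIT_TAG =~ /^v.*/'
 needs:
 {{ range (ds "flavors").flavors }}
-{{ if .needs_layer_publish }}
+{{ if .needs_layer_sign }}
 - sign layer ({{ .name }})
 {{ end }} # end needs_layer_publish
 {{ end }} # end flavors
 dependencies:
 {{ range (ds "flavors").flavors }}
-{{ if .needs_layer_publish }}
+{{ if .needs_layer_sign }}
 - sign layer ({{ .name }})
 {{ end }} # end needs_layer_publish
 {{ end }} # end flavors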
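Review bot: The two `{{ end }} # end needs_layer_publish` markers left as context in the `signed layer bundle` hunk (new lines 331 and 337) now close `{{ if .needs_layer_sign }}`, so the trailing comment names the wrong condition. Both should read `{{ end }} # end needs_layer_sign`, matching the marker this commit adds after the `sign layer` job. With the sign and publish blocks now adjacent in the template, these end markers are what a reader relies on to see which jobs sit behind the signing gate.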
