
Commit f5373b0

authored
Switch from cosign copy to oras copy (sigstore#4819)
cosign copy does not copy referring artifacts, so we'll use oras instead as part of the build step. Fixes sigstore#4818 Signed-off-by: Hayden <8418760+Hayden-IO@users.noreply.github.com>
1 parent 5fff886 commit f5373b0

2 files changed

Lines changed: 41 additions & 12 deletions


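--- a/release/cloudbuild.yaml
+++ b/release/cloudbuild.yaml
@@ -73,6 +73,7 @@ steps:
 env:
 - "GOPATH=/workspace/go"
 - "GOBIN=/workspace/bin"
+- "DOCKER_CONFIG=/workspace/.docker"
 - PROJECT_ID=${PROJECT_ID}
 - KEY_LOCATION=${_KEY_LOCATION}
 - KEY_RING=${_KEY_RING}
@@ -90,7 +91,44 @@ steps:
 - '-c'
 - |
 echo $$GITHUB_TOKEN | docker login ghcr.io -u $$GITHUB_USER --password-stdin \
-&& make sign-release-images && make copy-signed-release-to-ghcr || true
+&& make sign-release-images || true
+
+- name: 'ghcr.io/oras-project/oras:v1.3.1@sha256:96ef3b6ddc71d8a6b7bcdae517f6b696bcb4f8abac4ea62beec1ee482f433a83'
+env:
+- 'DOCKER_CONFIG=/workspace/.docker'
+args:
+- 'copy'
+- '-r'
+- 'gcr.io/${PROJECT_ID}/cosign:${_GIT_TAG}'
+- '${_GHCR_PREFIX}/cosign:${_GIT_TAG}'
+
+- name: 'ghcr.io/oras-project/oras:v1.3.1@sha256:96ef3b6ddc71d8a6b7bcdae517f6b696bcb4f8abac4ea62beec1ee482f433a83'
+env:
+- 'DOCKER_CONFIG=/workspace/.docker'
+args:
+- 'copy'
+- '-r'
+- '${_GHCR_PREFIX}/cosign:${_GIT_TAG}'
+- '${_GHCR_PREFIX}/cosign:latest'
+
+- name: 'ghcr.io/oras-project/oras:v1.3.1@sha256:96ef3b6ddc71d8a6b7bcdae517f6b696bcb4f8abac4ea62beec1ee482f433a83'
+env:
+- 'DOCKER_CONFIG=/workspace/.docker'
+args:
+- 'copy'
+- '-r'
+- 'gcr.io/${PROJECT_ID}/cosign:${_GIT_TAG}-dev'
+- '${_GHCR_PREFIX}/cosign:${_GIT_TAG}-dev'
+
+- name: 'ghcr.io/oras-project/oras:v1.3.1@sha256:96ef3b6ddc71d8a6b7bcdae517f6b696bcb4f8abac4ea62beec1ee482f433a83'
+env:
+- 'DOCKER_CONFIG=/workspace/.docker'
+args:
+- 'copy'
+- '-r'
+- '${_GHCR_PREFIX}/cosign:${_GIT_TAG}-dev'
+- '${_GHCR_PREFIX}/cosign:latest-dev'
+
 
 availableSecrets:
 secretManager:
@@ -123,3 +161,5 @@ substitutions:
 _KEY_VERSION: '1'
 _KEY_LOCATION: 'global'
 _GITHUB_USER: 'placeholder'
+_GHCR_PREFIX: 'ghcr.io/sigstore/cosign'
+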
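Review bot: The four `oras copy` steps added at new lines 96–130 are no longer gated on signing, because the preceding bash step still ends in `|| true` (`&& make sign-release-images || true`) and therefore always exits 0. Before this change the GHCR copy was chained with `&&` behind `make sign-release-images`, so a signing failure skipped it; now an image whose signature was never written could still be promoted to `${_GHCR_PREFIX}/cosign:latest` and `latest-dev`. Dropping `|| true` from that line would let Cloud Build stop before the copies, and if the `|| true` is deliberate, the copy steps should instead be preceded by a step that verifies the signature on `gcr.io/${PROJECT_ID}/cosign:${_GIT_TAG}`. The start of the signing step lies outside the hunk, so this assumes no other failure handling there. It would also help to comment that `DOCKER_CONFIG=/workspace/.docker` deliberately leaves the ghcr.io login in the shared workspace, where every later step can read it.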

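--- a/release/release.mk
+++ b/release/release.mk
@@ -19,14 +19,3 @@ sign-release-images: ko
 .PHONY: snapshot
 snapshot:
 LDFLAGS="$(LDFLAGS)" goreleaser release --skip=sign,publish --snapshot --clean --timeout 120m --parallelism 1
-
-####################
-# copy image to GHCR
-####################
-
-.PHONY: copy-signed-release-to-ghcr
-copy-signed-release-to-ghcr:
-cosign copy $(KO_PREFIX)/cosign:$(GIT_VERSION) $(GHCR_PREFIX)/cosign:$(GIT_VERSION)
-cosign copy --force=true $(GHCR_PREFIX)/cosign:$(GIT_VERSION) $(GHCR_PREFIX)/cosign:latest
-cosign copy $(KO_PREFIX)/cosign:$(GIT_VERSION)-dev $(GHCR_PREFIX)/cosign:$(GIT_VERSION)-dev
-cosign copy --force=true $(GHCR_PREFIX)/cosign:$(GIT_VERSION)-dev $(GHCR_PREFIX)/cosign:latest-dev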
