Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

generate and upload release yaml #1436

Closed
wants to merge 3 commits into from
Closed

generate and upload release yaml #1436

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5f1bb7b
generate and upload release yaml
k4leung4 Feb 9, 2022
702e367
fix yaml syntax
k4leung4 Feb 9, 2022
d4daf2e
fix indentations and typo
k4leung4 Feb 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions .github/workflows/publish-release-yaml.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
# Copyright 2022 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

name: 'Publish Release YAML'

on:
release:
types: [published]
workflow_dispatch:
inputs:
tag:
required: true
type: string
description: 'Release tag to generate YAML for.'

defaults:
run:
shell: bash
working-directory: ./src/github.com/sigstore/cosign

jobs:
publish_yaml:
name: 'Publish Release YAML'
runs-on: ['ubuntu-latest']
permissions:
# write permission needed for OIDC token exchange.
id-token: write
contents: read

env:
KO_DOCKER_REPO: 'gcr.io/projectsigstore'
KOCACHE: '~/ko'
REPO: 'sigstore/cosign'
RELEASE_TAG: '${{ github.event.inputs.tag || github.ref }}'

steps:
- name: 'Set release file name env variable.'
run: echo "RELEASE_YAML=cosign-${{ env.RELEASE_TAG }}.yaml" >> $GITHUB_ENV

- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0.4.1'
with:
# Default is to generate a key file, which is automatically configured for use with gcloud.
workload_identity_provider: 'projects/498091336538/locations/global/workloadIdentityPools/githubactions/providers/sigstore-cosign'
service_account: 'github-actions@projectsigstore.iam.gserviceaccount.com'

- name: 'Setup gcloud'
uses: 'google-github-actions/setup-gcloud@v0.5.0'
with:
project_id: projectsigstore

- name: 'Configure GCR auth'
run: gcloud auth configure-docker

- uses: 'imjasonh/setup-ko@v0.4'

- name: 'Check out sigstore/cosign'
uses: 'actions/checkout@v2'
with:
ref: ${{ env.RELEASE_TAG }}
repository: ${{ env.REPO }}
path: ./src/github.com/${{ env.REPO }}

- name: 'Create YAML'
run: ko resolve -f config/ > ${{ env.RELEASE_YAML }}

- name: 'Upload YAML'
run: gh release upload ${{ env.RELEASE_TAG }} ${{ env.RELEASE_YAML }} -R ${{ env.REPO }}