Add setup-go and build binary steps to release workflow

Update publish pkg make target to use zarf version for init pkg name Comment out step to sign the image and add a TODO to setup repo secrets for cosign
defenseunicorns · Oct 18, 2023 · 852865d · 852865d
1 parent 43c1135
commit 852865d
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -27,6 +27,12 @@ jobs:
       - name: Install tools
         uses: defenseunicorns/zarf/.github/actions/install-tools@main
 
+      - name: Setup Go
+        uses: defenseunicorns/zarf/.github/actions/golang@main
+
+      - name: Build ECR credential-helper binary
+        run: make build-credential-helper-linux-amd
+
       - name: "ECR Credential Helper: Login to GHCR"
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
         with:
@@ -37,13 +43,14 @@ jobs:
       - name: "ECR Credential Helper: Build and Publish the Image"
         run: docker buildx build --push --platform linux/amd64 --tag ghcr.io/defenseunicorns/zarf-init-aws/ecr-credential-helper:$GITHUB_REF_NAME .
 
-      - name: "ECR Credential Helper: Sign the Image"
-        run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=$GITHUB_REF_NAME ghcr.io/defenseunicorns/zarf-init-aws/ecr-credential-helper:$GITHUB_REF_NAME
-        env:
-          COSIGN_EXPERIMENTAL: 1
-          AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }}
+      # TODO@jeff-mccoy: Setup cosign signing key secrets in repo
+      # - name: "ECR Credential Helper: Sign the Image"
+      #   run: cosign sign --key awskms:///${{ secrets.COSIGN_AWS_KMS_KEY }} -a release-engineer=https://github.com/${{ github.actor }} -a version=$GITHUB_REF_NAME ghcr.io/defenseunicorns/zarf-init-aws/ecr-credential-helper:$GITHUB_REF_NAME
+      #   env:
+      #     COSIGN_EXPERIMENTAL: 1
+      #     AWS_REGION: ${{ secrets.COSIGN_AWS_REGION }}
+      #     AWS_ACCESS_KEY_ID: ${{ secrets.COSIGN_AWS_KEY_ID }}
+      #     AWS_SECRET_ACCESS_KEY: ${{ secrets.COSIGN_AWS_ACCESS_KEY }}
 
       - name: Build AWS init package for release
         run: make release-aws-init-package CREDENTIAL_HELPER_IMAGE_TAG=$GITHUB_REF_NAME

diff --git a/Makefile b/Makefile
@@ -3,7 +3,7 @@
 
 # Provide a default value for the operating system architecture used in tests, e.g. " APPLIANCE_MODE=true|false make test-e2e ARCH=arm64"
 ARCH ?= amd64
-CLI_VERSION ?= $(if $(shell git describe --tags),$(shell git describe --tags),"UnknownVersion")
+ZARF_VERSION ?= $$(zarf version)
 CREDENTIAL_HELPER_BIN := ./build/zarf-ecr-credential-helper
 CLUSTER_NAME ?= ""
 INSTANCE_TYPE ?= t3.small
@@ -55,7 +55,7 @@ release-aws-init-package:
 
 # INTERNAL: used to publish the AWS init package
 publish-aws-init-package:
-	zarf package publish build/zarf-init-$(ARCH)-$(CLI_VERSION).tar.zst oci://$(REPOSITORY_URL)
+	zarf package publish build/zarf-init-$(ARCH)-$(ZARF_VERSION).tar.zst oci://$(REPOSITORY_URL)
 	zarf package publish . oci://$(REPOSITORY_URL)
 
 eks-package: ## Build the EKS package