Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge container-build.yml and release.yml workflows for slsactl #976

Closed
viccuad opened this issue Nov 12, 2024 · 0 comments · Fixed by #984
Closed

Merge container-build.yml and release.yml workflows for slsactl #976

viccuad opened this issue Nov 12, 2024 · 0 comments · Fixed by #984
Assignees
@jvanz
Labels
area/ci
Milestone
1.19

Comments

@viccuad
Copy link
Member

viccuad commented Nov 12, 2024
edited
Loading

cosign captures the name of the "sub workflow" that actually did the cosign operation, instead of any of its callers (release.yml -> container-build.yml). Resulting in a signing cert referencing container-image.yml.

This twarts automated verification tools such as slsactl, which would need ad-hoc info to know about these caller workflows.

Acceptance criteria

  • Merge container-build.yml workflow into release.yml workflow.
  • Make sure that both :latest and tagged container builds and pushes are happening.
  • Make sure that only tagged builds push SBOMs (and potentially provenance with buildx) to the registry, as well as creating a GH release.
@flavio flavio added this to the 1.19 milestone Nov 12, 2024
@flavio flavio moved this to Todo in Kubewarden Nov 12, 2024
@flavio flavio moved this from Todo to In Progress in Kubewarden Nov 25, 2024
@flavio flavio assigned jvanz and unassigned viccuad Nov 25, 2024
@jvanz jvanz mentioned this issue Nov 25, 2024
Merged
@jvanz jvanz moved this from In Progress to Pending review in Kubewarden Nov 25, 2024
@github-project-automation github-project-automation bot moved this from Pending review to Done in Kubewarden Nov 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jvanz jvanz

Labels
area/ci
Projects
Kubewarden
Status: Done
Milestone
1.19
Development

Successfully merging a pull request may close this issue.

chore(ci): allow slsactl verification. jvanz/policy-server
3 participants
@flavio @jvanz @viccuad