diff --git a/.github/workflows/add-remove-new-fulcio.yaml b/.github/workflows/add-remove-new-fulcio.yaml index 0bea40f10..9f33eb713 100644 --- a/.github/workflows/add-remove-new-fulcio.yaml +++ b/.github/workflows/add-remove-new-fulcio.yaml @@ -27,6 +27,9 @@ jobs: matrix: k8s-version: - v1.25.x + - v1.26.x + - v1.27.x + - v1.28.x leg: - fulcio-key-rotation @@ -71,6 +74,8 @@ jobs: ${{ runner.os }}-go-${{ matrix.go-version }}- - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 + with: + version: tip - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 @@ -86,7 +91,7 @@ jobs: - name: Setup Knative uses: chainguard-dev/actions/setup-knative@main with: - version: "1.8.x" + version: "1.10.x" serving-features: > { "kubernetes.podspec-fieldref": "enabled" diff --git a/.github/workflows/fulcio-rekor-kind.yaml b/.github/workflows/fulcio-rekor-kind.yaml index 50bb706ce..4dc008f32 100644 --- a/.github/workflows/fulcio-rekor-kind.yaml +++ b/.github/workflows/fulcio-rekor-kind.yaml @@ -26,10 +26,10 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.23.x - - v1.24.x - v1.25.x - v1.26.x + - v1.27.x + - v1.28.x leg: - fulcio rekor ctlog e2e @@ -74,6 +74,8 @@ jobs: ${{ runner.os }}-go-${{ matrix.go-version }}- - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 + with: + version: tip - uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2 diff --git a/.github/workflows/test-action-tuf.yaml b/.github/workflows/test-action-tuf.yaml index 4ea634b46..e8db1a95e 100644 --- a/.github/workflows/test-action-tuf.yaml +++ b/.github/workflows/test-action-tuf.yaml @@ -23,13 +23,12 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.23.x - - v1.24.x - v1.25.x - # TODO: need release w/ 1.26 support first. - # - v1.26.x + - v1.26.x + - v1.27.x + - v1.28.x release-version: - - "latest-release" # Test explicitly with latest + - "main" # Test explicitly with latest go-version: - 1.21.x leg: @@ -58,6 +57,8 @@ jobs: check-latest: true - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 + with: + version: tip - name: Create sample image run: | diff --git a/.github/workflows/test-release.yaml b/.github/workflows/test-release.yaml index 889fbdd12..72ffc8136 100644 --- a/.github/workflows/test-release.yaml +++ b/.github/workflows/test-release.yaml @@ -23,18 +23,17 @@ jobs: fail-fast: false # Keep running if one leg fails. matrix: k8s-version: - - v1.23.x - - v1.24.x - v1.25.x - # TODO: enable after next release. - # - 1.26.x + - v1.26.x + - v1.27.x + - v1.28.x leg: - fulcio rekor ctlog e2e go-version: - 1.21.x env: - RELEASE_VERSION: "v0.5.1" + RELEASE_VERSION: "v0.6.9" KO_DOCKER_REPO: registry.local:5000/knative KOCACHE: ~/ko COSIGN_EXPERIMENTAL: "true" @@ -51,6 +50,8 @@ jobs: check-latest: true - uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6 + with: + version: tip - name: Setup Cluster # TODO: update after next release. diff --git a/Makefile b/Makefile index 2921ab343..5f52a3f1a 100644 --- a/Makefile +++ b/Makefile @@ -69,7 +69,7 @@ ko-apply-rekor: .PHONY: ko-apply-trillian ko-apply-trillian: LDFLAGS="$(LDFLAGS)" \ - ko apply -BRf ./config/trillian + ko apply -v -BRf ./config/trillian .PHONY: ko-apply-tsa ko-apply-tsa: diff --git a/actions/setup/action.yml b/actions/setup/action.yml index 4ae2a95d3..ff5254678 100644 --- a/actions/setup/action.yml +++ b/actions/setup/action.yml @@ -19,7 +19,7 @@ branding: color: green inputs: version: - description: 'Version of scaffolding to install (v0.4.0, latest-release.)' + description: 'Version of scaffolding to install (v0.4.0, latest-release, main); main will use the latest commit on the main branch' required: true default: 'latest-release' sigstore-only: @@ -31,9 +31,7 @@ inputs: required: true default: "." knative-version: - description: 'Version of Knative to install (1.1.0, 1.1.1, etc.)' - required: true - default: '1.6.0' + description: 'Version of Knative to install (1.1.0, 1.1.1, etc.); if not specified, a version with support for requested k8s-version will be used' registry-name: description: 'Name of the registry to install (registry.local)' required: true @@ -47,9 +45,9 @@ inputs: required: true default: 'cluster.local' k8s-version: - description: 'kubernetes version to install (v1.23.x, v1.24.x, v1.25.x, v1.26.x, v1.27.x, v1.28.x), default: v1.24.x' + description: 'kubernetes version to install (v1.25.x, v1.26.x, v1.27.x, v1.28.x), default: v1.25.x' required: true - default: 'v1.24.x' + default: 'v1.25.x' runs: using: "composite" steps: @@ -61,7 +59,7 @@ runs: # - if version is "latest-release", look up latest release. # - otherwise, install the specified version. case ${{ inputs.version }} in - latest-release) + latest-release | main) tag=$(curl -s -u "username:${{ github.token }}" https://api.github.com/repos/sigstore/scaffolding/releases/latest | jq -r '.tag_name') ;; *) @@ -90,23 +88,37 @@ runs: sudo service docker restart echo "Installing kind and knative using release" - curl -fLo ./setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-kind.sh + + if [ "${{ inputs.version }}" != "main" ]; then + curl -fLo ./setup-kind.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-kind.sh + else + cp ${{ github.action_path }}/../../hack/setup-kind.sh . + fi + chmod u+x ./setup-kind.sh ./setup-kind.sh \ --registry-url ${{ inputs.registry-name }}:${{ inputs.registry-port }} \ --cluster-suffix ${{ inputs.cluster-suffix }} \ - --k8s-version ${{ inputs.k8s-version }} \ - --knative-version ${{ inputs.knative-version }} + --k8s-version ${{ inputs.k8s-version }} ${{ inputs.knative-version != '' && format('--knative-version {0}', inputs.knative-version) || '' }} fi - echo "Installing sigstore scaffolding @ ${tag}" - curl -fLo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-scaffolding-from-release.sh + if [ "${{ inputs.version }}" != "main" ]; then + echo "Installing sigstore scaffolding @ ${tag}" + curl -fLo /tmp/setup-scaffolding-from-release.sh https://github.com/sigstore/scaffolding/releases/download/${tag}/setup-scaffolding-from-release.sh + else + cp ${{ github.action_path }}/../../hack/setup-scaffolding-from-release.sh /tmp/ + fi # Temp hack to address issuer mismatch issue. # Can be removed with the next release, after v0.6.5 sed -i "s@kubectl apply -f \"\${FULCIO}\"@curl -Ls \"\${FULCIO}\" | sed 's#\"IssuerURL\": \"https://kubernetes.default.svc\",#\"IssuerURL\": \"https://kubernetes.default.svc.cluster.local\",#' | kubectl apply -f -@" /tmp/setup-scaffolding-from-release.sh chmod u+x /tmp/setup-scaffolding-from-release.sh cat /tmp/setup-scaffolding-from-release.sh - /tmp/setup-scaffolding-from-release.sh --release-version ${tag} + if [ "${{ inputs.version }}" != "main" ]; then + /tmp/setup-scaffolding-from-release.sh --release-version ${tag} + else + /tmp/setup-scaffolding-from-release.sh + fi + TUF_MIRROR=$(kubectl -n tuf-system get ksvc tuf -ojsonpath='{.status.url}') echo "TUF_MIRROR=$TUF_MIRROR" >> $GITHUB_ENV # Grab the trusted root diff --git a/hack/setup-kind.sh b/hack/setup-kind.sh index d28394997..23d6d2db3 100755 --- a/hack/setup-kind.sh +++ b/hack/setup-kind.sh @@ -33,8 +33,7 @@ do done # Defaults -K8S_VERSION="v1.24.x" -KNATIVE_VERSION="1.6.0" +K8S_VERSION="v1.25.x" REGISTRY_NAME="registry.local" REGISTRY_PORT="5001" CLUSTER_SUFFIX="cluster.local" @@ -48,7 +47,7 @@ while [[ $# -ne 0 ]]; do ;; --knative-version) shift - KNATIVE_VERSION="$1" + KNATIVE_VERSION_ARG="$1" ;; --registry-url) shift @@ -65,41 +64,51 @@ while [[ $# -ne 0 ]]; do done # The version map correlated with this version of KinD +# KNATIVE versions are set from https://github.com/knative/community/blob/main/mechanics/RELEASE-SCHEDULE.md KIND_VERSION="v0.20.0" case ${K8S_VERSION} in v1.23.x) K8S_VERSION="1.23.17" + KNATIVE_VERSION="1.6.0" KIND_IMAGE_SHA="sha256:59c989ff8a517a93127d4a536e7014d28e235fb3529d9fba91b3951d461edfdb" KIND_IMAGE="kindest/node:v${K8S_VERSION}@${KIND_IMAGE_SHA}" ;; v1.24.x) K8S_VERSION="1.24.15" + KNATIVE_VERSION="1.6.0" KIND_IMAGE_SHA="sha256:7db4f8bea3e14b82d12e044e25e34bd53754b7f2b0e9d56df21774e6f66a70ab" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.25.x) K8S_VERSION="1.25.11" + KNATIVE_VERSION="1.11.3" KIND_IMAGE_SHA="sha256:227fa11ce74ea76a0474eeefb84cb75d8dad1b08638371ecf0e86259b35be0c8" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.26.x) K8S_VERSION="1.26.6" + KNATIVE_VERSION="1.12.0" KIND_IMAGE_SHA="sha256:6e2d8b28a5b601defe327b98bd1c2d1930b49e5d8c512e1895099e4504007adb" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.27.x) K8S_VERSION="1.27.3" + KNATIVE_VERSION="1.12.0" KIND_IMAGE_SHA="sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; v1.28.x) K8S_VERSION="1.28.0" + KNATIVE_VERSION="1.12.0" KIND_IMAGE_SHA="sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31" KIND_IMAGE=kindest/node:${K8S_VERSION}@${KIND_IMAGE_SHA} ;; *) echo "Unsupported version: ${K8S_VERSION}"; exit 1 ;; esac +# allow cmd line arg to explicitly override knative mapping above +KNATIVE_VERSION=${KNATIVE_VERSION_ARG:=${KNATIVE_VERSION}} + ############################################################# # # Install KinD @@ -316,7 +325,7 @@ function resource_blaster() { } resource_blaster serving serving-crds.yaml | kubectl apply -f - -sleep 3 # Avoid the race creating CRDs then instantiating them... +sleep 10 # Avoid the race creating CRDs then instantiating them... resource_blaster serving serving-core.yaml | kubectl apply -f - resource_blaster net-kourier kourier.yaml | kubectl apply -f - kubectl patch configmap/config-network \ diff --git a/hack/setup-scaffolding-from-release.sh b/hack/setup-scaffolding-from-release.sh index d4d607e13..f548173b0 100755 --- a/hack/setup-scaffolding-from-release.sh +++ b/hack/setup-scaffolding-from-release.sh @@ -19,7 +19,7 @@ set -o pipefail set -o xtrace # Default -RELEASE_VERSION="v0.6.3" +RELEASE_VERSION="v0.6.9" while [[ $# -ne 0 ]]; do parameter="$1"