...

Text file src/github.com/sigstore/rekor/.github/workflows/validate-release.yml

Documentation: github.com/sigstore/rekor/.github/workflows

     1#
     2# Copyright 2021 The Sigstore Authors.
     3#
     4# Licensed under the Apache License, Version 2.0 (the "License");
     5# you may not use this file except in compliance with the License.
     6# You may obtain a copy of the License at
     7#
     8#     http://www.apache.org/licenses/LICENSE-2.0
     9#
    10# Unless required by applicable law or agreed to in writing, software
    11# distributed under the License is distributed on an "AS IS" BASIS,
    12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13# See the License for the specific language governing permissions and
    14# limitations under the License.
    15
    16name: CI-Validate-Release-Job
    17
    18on:
    19  push:
    20    branches:
    21      - main
    22      - 'release-**'
    23  pull_request:
    24
    25permissions: {}
    26
    27jobs:
    28  check-signature:
    29    runs-on: ubuntu-latest
    30    container:
    31      image: gcr.io/projectsigstore/cosign:v2.2.3-dev@sha256:0d795fa145b03026b7bc2a35e33068cdb75e1c1f974e604c17408bf7bd174967
    32
    33    steps:
    34      - name: Check Signature
    35        run: |
    36          cosign verify ghcr.io/gythialy/golang-cross:v1.21.8-0@sha256:9c86fc6c6763cd5cd9a07f25083fc5a87f3525b5f8d7ff886822e2153f0c8405 \
    37          --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    38          --certificate-identity "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.8-0"
    39        env:
    40          TUF_ROOT: /tmp
    41
    42  validate-release-job:
    43    runs-on: ubuntu-latest
    44    needs:
    45      - check-signature
    46    container:
    47      image: ghcr.io/gythialy/golang-cross:v1.21.8-0@sha256:9c86fc6c6763cd5cd9a07f25083fc5a87f3525b5f8d7ff886822e2153f0c8405
    48
    49    steps:
    50      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
    51
    52      # Error: fatal: detected dubious ownership in repository at '/__w/rekor/rekor'
    53      #      To add an exception for this directory, call:
    54      #          git config --system --add safe.directory /__w/rekor/rekor
    55      # Reason: Recent versions of git require the .git folder to be owned
    56      # by the same user (see https://github.blog/2022-04-12-git-security-vulnerability-announced/).
    57      # Related
    58      # - https://github.com/actions/runner/issues/2033
    59      # - https://github.com/actions/checkout/issues/1048
    60      # - https://github.com/actions/runner-images/issues/6775
    61      - run: git config --system --add safe.directory /__w/rekor/rekor
    62
    63      - name: goreleaser snapshot
    64        run: make snapshot
    65        env:
    66          PROJECT_ID: honk-fake-project
    67          RUNTIME_IMAGE: gcr.io/distroless/static:debug-nonroot
    68
    69      - name: check binaries
    70        run: |
    71          ./dist/rekor-server-linux-amd64 version
    72          ./dist/rekor-cli-linux-amd64 version
