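#
# Copyright 2021 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Cloud Build release pipeline for rekor: clone the repository, check out the
# requested tag, verify the signature of the cross-compilation builder image,
# run `make release`, then copy the signed release to ghcr.io.

timeout: 3600s

steps:
# Clone ${_TOOL_ORG}/${_TOOL_REPO} into the workspace.
# NOTE(review): this builder image is resolved by a mutable tag, unlike the
# digest-pinned images in the later steps; consider pinning it as
# gcr.io/cloud-builders/git@sha256:<digest>.
- name: gcr.io/cloud-builders/git
  dir: "go/src/sigstore"
  args:
  - "clone"
  - "https://github.com/${_TOOL_ORG}/${_TOOL_REPO}"

# Check out the release tag.
# The tag reaches the script through the step environment ($$GIT_TAG) rather
# than being substituted into the script text, so its value is always handled
# as data by the shell; `set -eu` stops the step if the fetch fails.
# NOTE(review): the checked-out ref is not signature-verified in this step.
- name: gcr.io/cloud-builders/git
  entrypoint: "bash"
  dir: "go/src/sigstore/rekor"
  env:
  - "GIT_TAG=${_GIT_TAG}"
  args:
  - '-c'
  - |
    set -eu
    git fetch
    echo "Checking out $$GIT_TAG"
    git checkout "$$GIT_TAG"

# Verify the keyless signature on the golang-cross builder image before it is
# used below: the certificate must come from the GitHub Actions OIDC issuer
# and carry the release-golang-cross workflow identity at tag v1.21.8-0.
# When bumping the builder, update the digest here and in both later steps,
# together with the tag inside --certificate-identity.
- name: 'gcr.io/projectsigstore/cosign:v2.2.3-dev@sha256:0d795fa145b03026b7bc2a35e33068cdb75e1c1f974e604c17408bf7bd174967'
  dir: "go/src/sigstore/rekor"
  env:
  # Points cosign's TUF metadata cache at /tmp.
  - "TUF_ROOT=/tmp"
  args:
  - 'verify'
  - 'ghcr.io/gythialy/golang-cross:v1.21.8-0@sha256:9c86fc6c6763cd5cd9a07f25083fc5a87f3525b5f8d7ff886822e2153f0c8405'
  - '--certificate-oidc-issuer'
  - "https://token.actions.githubusercontent.com"
  - '--certificate-identity'
  - "https://github.com/gythialy/golang-cross/.github/workflows/release-golang-cross.yml@refs/tags/v1.21.8-0"

# Build and sign the release with the verified, digest-pinned builder image.
# The KEY_* values and GOOGLE_SERVICE_ACCOUNT_NAME are handed to `make release`
# through the environment; how the Makefile uses them is not visible here.
- name: 'ghcr.io/gythialy/golang-cross:v1.21.8-0@sha256:9c86fc6c6763cd5cd9a07f25083fc5a87f3525b5f8d7ff886822e2153f0c8405'
  entrypoint: /bin/sh
  dir: "go/src/sigstore/rekor"
  env:
  - "GOPATH=/workspace/go"
  - "GOBIN=/workspace/bin"
  - "PROJECT_ID=${PROJECT_ID}"
  - "KEY_LOCATION=${_KEY_LOCATION}"
  - "KEY_RING=${_KEY_RING}"
  - "KEY_NAME=${_KEY_NAME}"
  - "KEY_VERSION=${_KEY_VERSION}"
  - "GIT_TAG=${_GIT_TAG}"
  - "GOOGLE_SERVICE_ACCOUNT_NAME=keyless@${PROJECT_ID}.iam.gserviceaccount.com"
  - "COSIGN_YES=true"
  - "KO_PREFIX=gcr.io/${PROJECT_ID}"
  secretEnv:
  - GITHUB_TOKEN
  args:
  - '-c'
  - |
    gcloud auth configure-docker \
    && make release

# Copy the signed release to ghcr.io.
# The token is piped to `docker login` on stdin, so it never appears in the
# process arguments; both expansions are quoted so the values stay one word.
# NOTE(review): `|| true` covers the whole `login && make` chain, so a failed
# docker login or a failed copy still leaves this step (and the build) green.
# Confirm the GHCR copy from the step log, or drop `|| true` if the copy is
# meant to be mandatory.
- name: 'ghcr.io/gythialy/golang-cross:v1.21.8-0@sha256:9c86fc6c6763cd5cd9a07f25083fc5a87f3525b5f8d7ff886822e2153f0c8405'
  entrypoint: 'bash'
  dir: "go/src/sigstore/rekor"
  env:
  - "GOPATH=/workspace/go"
  - "GOBIN=/workspace/bin"
  - "PROJECT_ID=${PROJECT_ID}"
  - "KEY_LOCATION=${_KEY_LOCATION}"
  - "KEY_RING=${_KEY_RING}"
  - "KEY_NAME=${_KEY_NAME}"
  - "KEY_VERSION=${_KEY_VERSION}"
  - "GIT_TAG=${_GIT_TAG}"
  # KO_PREFIX was listed twice with the same value; one entry is enough.
  - "KO_PREFIX=gcr.io/${PROJECT_ID}"
  - "COSIGN_EXPERIMENTAL=true"
  - "GOOGLE_SERVICE_ACCOUNT_NAME=keyless@${PROJECT_ID}.iam.gserviceaccount.com"
  - "GITHUB_USER=${_GITHUB_USER}"
  secretEnv:
  - GITHUB_TOKEN
  args:
  - '-c'
  - |
    echo "$$GITHUB_TOKEN" | docker login ghcr.io -u "$$GITHUB_USER" --password-stdin \
    && make copy-signed-release-to-ghcr || true

# GITHUB_TOKEN is read from Secret Manager and exposed only to the steps that
# list it under secretEnv.
# NOTE(review): `versions/latest` resolves to the newest secret version at
# build time; pinning a numbered version makes token rotation an explicit,
# reviewable change.
availableSecrets:
  secretManager:
  - versionName: 'projects/${PROJECT_NUMBER}/secrets/GITHUB_TOKEN/versions/latest'
    env: GITHUB_TOKEN

# Release artifacts uploaded to the bucket, under a per-tag prefix.
artifacts:
  objects:
    location: 'gs://${_STORAGE_LOCATION}/${_GIT_TAG}'
    paths:
    - "go/src/sigstore/rekor/dist/rekor*"
    - "go/src/sigstore/rekor/release/release-cosign.pub"
    - "go/src/sigstore/rekor/rekor*.yaml"

options:
  machineType: E2_HIGHCPU_8

tags:
- rekor-release
- '${_GIT_TAG}'
- '${_TOOL_ORG}'
- '${_TOOL_REPO}'

# Default substitution values; these look like placeholders that the build
# trigger is expected to override (TODO confirm against the trigger config).
substitutions:
  _GIT_TAG: 'v0.0.0'
  _TOOL_ORG: 'honk'
  _TOOL_REPO: 'honk-repo'
  _STORAGE_LOCATION: 'honk'
  _KEY_RING: 'honk-ring'
  _KEY_NAME: 'honk-crypto'
  _KEY_VERSION: '1'
  _KEY_LOCATION: 'global'
  _GITHUB_USER: 'placeholder'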