diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
index 28fcc9bb5f..13f158395f 100644
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -8,152 +8,34 @@ permissions: read-all
jobs:
push-init-kyverno:
- runs-on: ubuntu-latest
- permissions:
- packages: write
- id-token: write
- steps:
- - name: Checkout
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
-
- - name: Unshallow
- run: git fetch --prune --unshallow
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
-
- - name: Install Cosign
- uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
- with:
- cosign-release: 'v1.4.1'
-
- - name: login to GitHub Container Registry
- run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
- id: buildx
- with:
- install: true
-
- - name: docker images publish
- run: |
- make docker-publish-sigs
- make docker-publish-initContainer-dev
-
- - name: get digest
- id: get-step
- run: |
- echo "::set-output name=digest::$(make docker-get-initContainer-dev-digest)"
-
- - name: Sign image
- env:
- COSIGN_EXPERIMENTAL: "true"
- run: |
- cosign sign \
- -a "repo=${{ github.repository }}" \
- -a "workflow=${{ github.workflow }}" \
- -a "ref=${{ github.sha }}" \
- ghcr.io/kyverno/kyvernopre@sha256:${{ steps.get-step.outputs.digest }}
+ uses: kyverno/kyverno/.github/workflows/reuse.yaml@main
+ with:
+ publish_command: docker-publish-initContainer-dev
+ digest_command: docker-get-initContainer-dev-digest
+ image_name: kyvernopre
+ tag: image
+ secrets:
+ registry_username: ${{ github.actor }}
+ registry_password: ${{ secrets.CR_PAT }}
push-kyverno:
- runs-on: ubuntu-latest
- permissions:
- packages: write
- id-token: write
- steps:
- - name: Checkout
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
-
- - name: Unshallow
- run: git fetch --prune --unshallow
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
-
- - name: Install Cosign
- uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
- with:
- cosign-release: 'v1.4.1'
-
- - name: login to GitHub Container Registry
- run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
- id: buildx
- with:
- install: true
-
- - name: docker images publish
- run: |
- make docker-publish-kyverno-dev
-
- - name: get digest
- id: get-step
- run: |
- echo "::set-output name=digest::$(make docker-get-kyverno-dev-digest)"
-
- - name: Sign image
- env:
- COSIGN_EXPERIMENTAL: "true"
- run: |
- cosign sign \
- -a "repo=${{ github.repository }}" \
- -a "workflow=${{ github.workflow }}" \
- -a "ref=${{ github.sha }}" \
- ghcr.io/kyverno/kyverno@sha256:${{ steps.get-step.outputs.digest }}
+ uses: kyverno/kyverno/.github/workflows/reuse.yaml@main
+ with:
+ publish_command: docker-publish-kyverno-dev
+ digest_command: docker-get-kyverno-dev-digest
+ image_name: kyverno
+ tag: image
+ secrets:
+ registry_username: ${{ github.actor }}
+ registry_password: ${{ secrets.CR_PAT }}
push-kyverno-cli:
- runs-on: ubuntu-latest
- permissions:
- packages: write
- id-token: write
- steps:
- - name: Checkout
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
-
- - name: Unshallow
- run: git fetch --prune --unshallow
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
-
- - name: Install Cosign
- uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
- with:
- cosign-release: 'v1.4.1'
-
- - name: login to GitHub Container Registry
- run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
- id: buildx
- with:
- install: true
-
- - name: docker images publish
- run: |
- make docker-publish-cli-dev
-
- - name: get digest
- id: get-step
- run: |
- echo "::set-output name=digest::$(make docker-get-cli-dev-digest)"
-
- - name: Sign image
- env:
- COSIGN_EXPERIMENTAL: "true"
- run: |
- cosign sign \
- -a "repo=${{ github.repository }}" \
- -a "workflow=${{ github.workflow }}" \
- -a "ref=${{ github.sha }}" \
- ghcr.io/kyverno/kyverno-cli@sha256:${{ steps.get-step.outputs.digest }}
+ uses: kyverno/kyverno/.github/workflows/reuse.yaml@main
+ with:
+ publish_command: docker-publish-cli-dev
+ digest_command: docker-get-cli-dev-digest
+ image_name: kyverno-cli
+ tag: image
+ secrets:
+ registry_username: ${{ github.actor }}
+ registry_password: ${{ secrets.CR_PAT }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index fde3b612e6..02e2989d21 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,230 +8,40 @@ permissions: read-all
jobs:
release-init-kyverno:
- runs-on: ubuntu-latest
- permissions:
- packages: write
- id-token: write
- steps:
- - name: Checkout
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- with:
- fetch-depth: 0
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
-
- - name: Install Cosign
- uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
- with:
- cosign-release: 'v1.4.1'
-
- - name: Cache Go modules
- uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-go-
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
- - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
-
- - name: login to GitHub Container Registry
- run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
- id: buildx
- with:
- install: true
-
- - name: Set version
- run: |
- echo "KYVERNO_VERSION=$(git describe --match "v[0-9]*")"
-
- - name : docker images publish
- run: |
- make docker-publish-sigs
- make docker-publish-initContainer
-
- - name: get digest
- id: get-step
- run: |
- echo "::set-output name=digest::$(make docker-get-initContainer-digest)"
-
- - name: Sign image
- env:
- COSIGN_EXPERIMENTAL: "true"
- run: |
- cosign sign \
- -a "repo=${{ github.repository }}" \
- -a "workflow=${{ github.workflow }}" \
- -a "ref=${{ github.sha }}" \
- ghcr.io/kyverno/kyvernopre@sha256:${{ steps.get-step.outputs.digest }}
+ uses: kyverno/kyverno/.github/workflows/reuse.yaml@main
+ with:
+ publish_command: docker-publish-initContainer
+ digest_command: docker-get-initContainer-digest
+ image_name: kyvernopre
+ tag: release
+ main: cmd/initContainer
+ secrets:
+ registry_username: ${{ github.actor }}
+ registry_password: ${{ secrets.CR_PAT }}
release-kyverno:
- runs-on: ubuntu-latest
- permissions:
- packages: write
- id-token: write
- steps:
- - name: Checkout
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- with:
- fetch-depth: 0
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
-
- - name: Install Cosign
- uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
- with:
- cosign-release: 'v1.4.1'
-
- - name: Cache Go modules
- uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-go-
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
- - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
-
- - name: login to GitHub Container Registry
- run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
- id: buildx
- with:
- install: true
-
- - name: Set version
- run: |
- echo "KYVERNO_VERSION=$(git describe --match "v[0-9]*")"
- echo "KYVERNO_VERSION=$(git describe --match "v[0-9]*")" >> $GITHUB_ENV
-
- - name: Generate SBOM JSON
- uses: CycloneDX/gh-gomod-generate-sbom@c18e41a4e3defe6dbf69b594e4d831a89db82ead # v1.0.0
- with:
- version: v1
- args: mod -licenses -json -output kyverno-v${{ env.KYVERNO_VERSION }}-bom.cdx.json
-
- - uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
- with:
- name: kyverno-bom-cdx
- path: kyverno-v*-bom.cdx.json
-
- - name : docker images publish
- run: |
- make docker-publish-sbom
- make docker-publish-kyverno
-
- - name: get digest
- id: get-step
- run: |
- echo "::set-output name=digest::$(make docker-get-kyverno-digest)"
-
- - name: Sign image and SBOM
- env:
- COSIGN_EXPERIMENTAL: "true"
- run: |
- cosign sign \
- -a "repo=${{ github.repository }}" \
- -a "workflow=${{ github.workflow }}" \
- -a "ref=${{ github.sha }}" \
- ghcr.io/kyverno/kyverno@sha256:${{ steps.get-step.outputs.digest }}
- cosign attach sbom -sbom ./*-bom.cdx.json -type cyclonedx ghcr.io/kyverno/sbom:latest
-
- - name: Trivy Scan Image
- uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
- with:
- image-ref: 'ghcr.io/kyverno/kyverno:${{env.KYVERNO_VERSION}}'
- format: 'table'
- exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
+ uses: kyverno/kyverno/.github/workflows/reuse.yaml@main
+ with:
+ publish_command: docker-publish-kyverno
+ digest_command: docker-get-kyverno-digest
+ image_name: kyverno
+ tag: release
+ main: cmd/kyverno
+ secrets:
+ registry_username: ${{ github.actor }}
+ registry_password: ${{ secrets.CR_PAT }}
release-kyverno-cli:
- runs-on: ubuntu-latest
- permissions:
- packages: write
- id-token: write
- steps:
- - name: Checkout
- uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
- with:
- fetch-depth: 0
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
-
- - name: Install Cosign
- uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
- with:
- cosign-release: 'v1.4.1'
-
- - name: Cache Go modules
- uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
- with:
- path: ~/go/pkg/mod
- key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-go-
-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
- - uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
-
- - name: login to GitHub Container Registry
- run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@94ab11c41e45d028884a99163086648e898eed25 # v1.6.0
- id: buildx
- with:
- install: true
-
- - name: Set version
- run: |
- echo "KYVERNO_VERSION=$(git describe --match "v[0-9]*")"
-
- - name : docker images publish
- run: |
- make docker-publish-cli
-
- - name: get digest
- id: get-step
- run: |
- echo "::set-output name=digest::$(make docker-get-cli-digest)"
-
- - name: Sign image
- env:
- COSIGN_EXPERIMENTAL: "true"
- run: |
- cosign sign \
- -a "repo=${{ github.repository }}" \
- -a "workflow=${{ github.workflow }}" \
- -a "ref=${{ github.sha }}" \
- ghcr.io/kyverno/kyverno-cli@sha256:${{ steps.get-step.outputs.digest }}
+ uses: kyverno/kyverno/.github/workflows/reuse.yaml@main
+ with:
+ publish_command: docker-publish-cli
+ digest_command: docker-get-cli-digest
+ image_name: kyverno-cli
+ tag: release
+ main: cmd/cli/kubectl-kyverno
+ secrets:
+ registry_username: ${{ github.actor }}
+ registry_password: ${{ secrets.CR_PAT }}
create-release:
runs-on: ubuntu-latest
@@ -261,10 +71,7 @@ jobs:
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- - name: Set up Go
- uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
- with:
- go-version: 1.16
+
- uses: creekorful/goreportcard-action@1f35ced8cdac2cba28c9a2f2288a16aacfd507f9 # v1.0
- name: Make Release
@@ -304,4 +111,4 @@ jobs:
- name: Update new version in krew-index
if: steps.check-tag.outputs.match == 'true'
- uses: rajatjindal/krew-release-bot@3320c0b546b5d2320613c46762bd3f73e2801bdc # v0.0.38
+ uses: rajatjindal/krew-release-bot@3320c0b546b5d2320613c46762bd3f73e2801bdc # v0.0.38
\ No newline at end of file
diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml
new file mode 100644
index 0000000000..72b17fecf2
--- /dev/null
+++ b/.github/workflows/reuse.yaml
@@ -0,0 +1,132 @@
+name: Create Publish and Sign Docker Image
+
+on:
+ workflow_call:
+ inputs:
+ publish_command:
+ required: true
+ type: string
+ digest_command:
+ required: true
+ type: string
+ image_name:
+ required: true
+ type: string
+ tag:
+ required: true
+ type: string
+ main:
+ type: string
+ secrets:
+ registry_username:
+ required: true
+ registry_password:
+ required: true
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+ steps:
+ - name: Checkout release
+ if: ${{ inputs.tag == 'release'}}
+ uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
+ with:
+ fetch-depth: 0
+
+ - name: Checkout image
+ if: ${{ inputs.tag == 'image'}}
+ uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
+
+ - name: Unshallow
+ if: ${{ inputs.tag == 'image'}}
+ run: git fetch --prune --unshallow --tags
+
+ - name: Set up Go
+ uses: actions/setup-go@424fc82d43fa5a37540bae62709ddcc23d9520d4 # v2.1.5
+ with:
+ go-version: 1.16
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
+ with:
+ cosign-release: 'v1.4.1'
+
+ - name: Cache Go modules
+ uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
+ with:
+ path: ~/go/pkg/mod
+ key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+ restore-keys: |
+ ${{ runner.os }}-go-
+
+ - name: Log into ghcr.io
+ uses: docker/login-action@master
+ with:
+ registry: ghcr.io
+ username: ${{secrets.registry_username}}
+ password: ${{secrets.registry_password}}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@4ab11c41e45d028884a99163086648e898eed25 # v1.6.0
+ id: buildx
+ with:
+ install: true
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ if: ${{inputs.tag == 'release'}}
+ uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
+ with:
+ scan-type: 'fs'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+
+ - name: Set Version
+ if: ${{ inputs.tag == 'release'}}
+ run: |
+ echo "KYVERNO_VERSION=$(git tag --list --sort=-version:refname "v[0-9]*" | head -n 1)" >> $GITHUB_ENV
+
+ - name: Generate SBOM JSON
+ if: ${{inputs.tag == 'release'}}
+ uses: CycloneDX/gh-gomod-generate-sbom@c18e41a4e3defe6dbf69b594e4d831a89db82ead # v1.0.0
+ with:
+ version: v1
+ args: app -licenses -json -output ${{inputs.image_name}}-${{ env.KYVERNO_VERSION }}-bom.cdx.json -main ${{inputs.main}}
+
+ - name: Upload SBOM JSON
+ if: ${{inputs.tag == 'release'}}
+ uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
+ with:
+ name: ${{inputs.image_name}}-bom-cdx
+ path: ${{inputs.image_name}}-v*-bom.cdx.json
+
+ - name : Docker images publish
+ run: make ${{inputs.publish_command}}
+
+ - name: get digest
+ id: get-step
+ run: |
+ echo "::set-output name=digest::$(make ${{inputs.digest_command}})"
+
+ - name: Sign image
+ env:
+ COSIGN_EXPERIMENTAL: "true"
+ COSIGN_REPOSITORY: "ghcr.io/kyverno/signatures"
+ run: |
+ cosign sign \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ ghcr.io/kyverno/${{inputs.image_name}}@sha256:${{ steps.get-step.outputs.digest }}
+
+ - name : Attach SBOM
+ if: ${{inputs.tag == 'release'}}
+ env:
+ COSIGN_REPOSITORY: "ghcr.io/kyverno/sbom"
+ run: cosign attach sbom --sbom ./${{inputs.image_name}}-v*-bom.cdx.json --type cyclonedx ghcr.io/kyverno/${{inputs.image_name}}@sha256:${{ steps.get-step.outputs.digest }}
diff --git a/Makefile b/Makefile
index 40082fed78..aead93cfcd 100644
--- a/Makefile
+++ b/Makefile
@@ -49,43 +49,6 @@ KYVERNO_PATH:= cmd/kyverno
build: kyverno
PWD := $(CURDIR)
-##################################
-# SIGNATURE CONTAINER
-##################################
-ALPINE_PATH := cmd/alpineBase
-SIG_IMAGE := signatures
-.PHONY: docker-build-signature docker-push-signature
-
-docker-buildx-builder:
- if ! docker buildx ls | grep -q kyverno; then\
- docker buildx create --name kyverno --use;\
- fi
-
-docker-publish-sigs: docker-buildx-builder docker-build-signature docker-push-signature
-
-docker-build-signature: docker-buildx-builder
- @docker buildx build --file $(PWD)/$(ALPINE_PATH)/Dockerfile --tag $(REPO)/$(SIG_IMAGE):$(IMAGE_TAG) .
-
-docker-push-signature: docker-buildx-builder
- @docker buildx build --file $(PWD)/$(ALPINE_PATH)/Dockerfile --push --tag $(REPO)/$(SIG_IMAGE):$(IMAGE_TAG) .
- @docker buildx build --file $(PWD)/$(ALPINE_PATH)/Dockerfile --push --tag $(REPO)/$(SIG_IMAGE):latest .
-
-##################################
-# SBOM CONTAINER
-##################################
-ALPINE_PATH := cmd/alpineBase
-SBOM_IMAGE := sbom
-.PHONY: docker-build-sbom docker-push-sbom
-
-docker-publish-sbom: docker-buildx-builder docker-build-sbom docker-push-sbom
-
-docker-build-sbom: docker-buildx-builder
- @docker buildx build --file $(PWD)/$(ALPINE_PATH)/Dockerfile --tag $(REPO)/$(SBOM_IMAGE):$(IMAGE_TAG) .
-
-docker-push-sbom: docker-buildx-builder
- @docker buildx build --file $(PWD)/$(ALPINE_PATH)/Dockerfile --push --tag $(REPO)/$(SBOM_IMAGE):$(IMAGE_TAG) .
- @docker buildx build --file $(PWD)/$(ALPINE_PATH)/Dockerfile --push --tag $(REPO)/$(SBOM_IMAGE):latest .
-
##################################
# INIT CONTAINER
##################################
@@ -96,6 +59,11 @@ initContainer: fmt vet
.PHONY: docker-build-initContainer docker-push-initContainer
+docker-buildx-builder:
+ if ! docker buildx ls | grep -q kyverno; then\
+ docker buildx create --name kyverno --use;\
+ fi
+
docker-publish-initContainer: docker-buildx-builder docker-build-initContainer docker-push-initContainer
docker-build-initContainer: docker-buildx-builder
diff --git a/cmd/alpineBase/Dockerfile b/cmd/alpineBase/Dockerfile
deleted file mode 100644
index 2f179b98db..0000000000
--- a/cmd/alpineBase/Dockerfile
+++ /dev/null
@@ -1 +0,0 @@
-FROM alpine:3.14
\ No newline at end of file
diff --git a/cosign.pub b/cosign.pub
deleted file mode 100644
index c7a558d4c7..0000000000
--- a/cosign.pub
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExxWHpvn2uMYqg174TmTcnGELOXXM
-7/cGqLZW88FFceihl1WA24yKxtMBZqw/s06XqPqujqRzhkaSKa2zkRUWUA==
------END PUBLIC KEY-----
\ No newline at end of file