1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00

chore: signing helm releases (#4801)

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Co-authored-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
This commit is contained in:
Batuhan Apaydın 2022-10-12 23:14:44 +03:00 committed by GitHub
parent 25963aba60
commit f45584bfd6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 3 deletions

View file

@ -30,6 +30,11 @@ jobs:
create-release:
runs-on: ubuntu-latest
needs: helm-tests
permissions:
contents: write
packages: write
id-token: write
pages: write
steps:
- name: Checkout
uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
@ -41,6 +46,12 @@ jobs:
with:
version: v3.8.0
- name: Install Cosign
uses: sigstore/cosign-installer@7cc35d7fdbe70d4278a0c96779081e6fac665f88 # v2.8.0
with:
cosign-release: 'v1.13.0'
- name: Set version
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
@ -72,10 +83,14 @@ jobs:
helm registry login --username ${GITHUB_ACTOR} --password ${{ secrets.GITHUB_TOKEN }} ghcr.io
- name: Publish OCI Charts
env:
COSIGN_EXPERIMENTAL: 1
run: |
for dir in `find charts-tmp -maxdepth 1 -mindepth 1 -type d -print`; do
chart=${dir##*/}
echo "Found chart: ${chart}"
helm package charts-tmp/${chart} --destination .dist
helm push .dist/${chart}-*.tgz oci://ghcr.io/${{ github.repository_owner }}/charts
helm push .dist/${chart}-*.tgz oci://ghcr.io/${{ github.repository_owner }}/charts > .digest
cosign login --username ${GITHUB_ACTOR} --password ${{ secrets.CR_PAT_ARTIFACTS }} ghcr.io
cosign sign ghcr.io/${{ github.repository_owner }}/charts/${chart}@$(cat .digest | awk -F "[, ]+" '/Digest/{print $NF}')
done

View file

@ -47,9 +47,9 @@ jobs:
go-version: ~1.18.6
- name: Install Cosign
uses: sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
uses: sigstore/cosign-installer@7cc35d7fdbe70d4278a0c96779081e6fac665f88 # v2.8.0
with:
cosign-release: 'v1.11.0'
cosign-release: 'v1.13.0'
- name: Cache Go modules
uses: actions/cache@fd5de65bc895cf536527842281bea11763fefd77 # pin@v3