mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 00:17:13 +00:00
Code Activity
kyverno/.github/workflows/image.yaml
Zahid Khan 1fef873762
feature: SLSA Level 3 provenance generation for Kyverno images: kyverno init, kyverno and kyvernopre (#4268) 
Signed-off-by: zurrehma <zahid.chashma@gmail.com>

Signed-off-by: zurrehma <zahid.chashma@gmail.com>
Co-authored-by: Chip Zoller <chipzoller@gmail.com>
Co-authored-by: Jim Bugwadia <jim@nirmata.com>
2022-10-28 14:19:15 +00:00

90 lines
No EOL
3.1 KiB
YAML
Raw Blame History

name: image
on:
push:
branches:
- 'main'
- 'release*'
permissions:
contents: read
packages: write
id-token: write
jobs:
push-init-kyverno:
uses: ./.github/workflows/reuse.yaml
with:
publish_command: ko-publish-kyvernopre
image_name: kyvernopre
tag: image
secrets:
registry_username: ${{ github.actor }}
registry_password: ${{ secrets.CR_PAT }}
push-kyverno:
uses: ./.github/workflows/reuse.yaml
with:
publish_command: ko-publish-kyverno
image_name: kyverno
tag: image
secrets:
registry_username: ${{ github.actor }}
registry_password: ${{ secrets.CR_PAT }}
push-kyverno-cli:
uses: ./.github/workflows/reuse.yaml
with:
publish_command: ko-publish-cli
image_name: kyverno-cli
tag: image
secrets:
registry_username: ${{ github.actor }}
registry_password: ${{ secrets.CR_PAT }}
generate-init-kyverno-provenance:
needs: push-init-kyverno
permissions:
id-token: write # To sign the provenance.
packages: write # To upload assets to release.
actions: read #To read the workflow path.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@9dc6318aedc3d24ede4e946966d30c752769a4f9
with:
image: ghcr.io/${{ github.repository_owner }}/kyvernopre
digest: "${{ needs.push-init-kyverno.outputs.init_sha256_digest }}"
registry-username: ${{ github.actor }}
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/492): Remove after GA release.
compile-generator: true
secrets:
registry-password: ${{ secrets.CR_PAT }}
generate-kyverno-provenance:
needs: push-kyverno
permissions:
id-token: write # To sign the provenance.
packages: write # To upload assets to release.
actions: read #To read the workflow path.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@9dc6318aedc3d24ede4e946966d30c752769a4f9
with:
image: ghcr.io/${{ github.repository_owner }}/kyverno
digest: "${{ needs.push-kyverno.outputs.kyverno_sha256_digest }}"
registry-username: ${{ github.actor }}
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/492): Remove after GA release.
compile-generator: true
secrets:
registry-password: ${{ secrets.CR_PAT }}
generate-kyverno-cli-provenance:
needs: push-kyverno-cli
permissions:
id-token: write # To sign the provenance.
packages: write # To upload assets to release.
actions: read #To read the workflow path.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@9dc6318aedc3d24ede4e946966d30c752769a4f9
with:
image: ghcr.io/${{ github.repository_owner }}/kyverno-cli
digest: "${{ needs.push-kyverno-cli.outputs.cli_sha256_digest }}"
registry-username: ${{ github.actor }}
# TODO(https://github.com/slsa-framework/slsa-github-generator/issues/492): Remove after GA release.
compile-generator: true
secrets:
registry-password: ${{ secrets.CR_PAT }}
View git blame Copy permalink