Skip to content

Commit

Permalink
Merge pull request #231 from salasberryfin/revert-slsa-provenance
Browse files Browse the repository at this point in the history
chore: disable slsa provenance in release workflow
  • Loading branch information
salasberryfin authored Oct 23, 2023
2 parents c962726 + 90654a3 commit a06f1d6
Showing 1 changed file with 1 addition and 69 deletions.
70 changes: 1 addition & 69 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -101,40 +101,6 @@ jobs:
image=$(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
cosign verify ${image} --certificate-identity=https://github.com/rancher-sandbox/rancher-turtles/.github/workflows/release.yaml@refs/tags/${{ env.TAG }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
ghcr-provenance:
needs: [ghcr-sign]
permissions:
actions: read
id-token: write
packages: write
strategy:
matrix:
images: [
{
"image":"${{ needs.build-ghcr.outputs.multiarch_image }}",
"digest":"${{ needs.build-ghcr.outputs.multiarch_digest }}"
},
{
"image":"${{ needs.build-ghcr.outputs.amd64_image }}",
"digest":"${{ needs.build-ghcr.outputs.amd64_digest }}"
},
{
"image":"${{ needs.build-ghcr.outputs.arm64_image }}",
"digest":"${{ needs.build-ghcr.outputs.arm64_digest }}"
},
{
"image":"${{ needs.build-ghcr.outputs.s390x_image }}",
"digest":"${{ needs.build-ghcr.outputs.s390x_digest }}"
}
]
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: $(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
digest: $(echo ${{ matrix.images.digest }} | base64 -d | base64 -d)
secrets:
registry-username: ${{ github.actor }}
registry-password: ${{ secrets.GITHUB_TOKEN }}

build-prod:
runs-on: ubuntu-latest
permissions:
Expand Down Expand Up @@ -227,43 +193,9 @@ jobs:
image=$(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
cosign verify ${image} --certificate-identity=https://github.com/rancher-sandbox/rancher-turtles/.github/workflows/release.yaml@refs/tags/${{ env.TAG }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
prod-provenance:
needs: [prod-sign]
permissions:
actions: read
id-token: write
packages: write
strategy:
matrix:
images: [
{
"image":"${{ needs.build-prod.outputs.multiarch_image }}",
"digest":"${{ needs.build-prod.outputs.multiarch_digest }}"
},
{
"image":"${{ needs.build-prod.outputs.amd64_image }}",
"digest":"${{ needs.build-prod.outputs.amd64_digest }}"
},
{
"image":"${{ needs.build-prod.outputs.arm64_image }}",
"digest":"${{ needs.build-prod.outputs.arm64_digest }}"
},
{
"image":"${{ needs.build-prod.outputs.s390x_image }}",
"digest":"${{ needs.build-prod.outputs.s390x_digest }}"
}
]
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: $(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
digest: $(echo ${{ matrix.images.digest }} | base64 -d | base64 -d)
secrets:
registry-username: ${{ secrets.REGISTRY_USERNAME }}
registry-password: ${{ secrets.REGISTRY_PASSWORD }}

release:
name: Create helm release
needs: [prod-provenance]
needs: [prod-sign]
runs-on: ubuntu-latest
env:
TAG: ${{ github.ref_name }}
Expand Down

0 comments on commit a06f1d6

Please sign in to comment.