test image signing using cosign #3
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Afzal <[email protected]>
Signed-off-by: Afzal <[email protected]>
Signed-off-by: Afzal <[email protected]>
Signed-off-by: Afzal <[email protected]>
Signed-off-by: Afzal <[email protected]>
Signed-off-by: Afzal <[email protected]>
sbin64
changed the title
sbin64
changed the title
|
@developer-guy plz review it! thanks |
|
plz consider this https://github.com/Cloud-Hacks/jaeger/blob/d6ba71ed8e6fb1e23b910dfe79bcbcdb3475a072/.github/workflows/ci-release.yml
|
|
@developer-guy as a friendly reminder, could u review that? |
| env: | ||
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }} | ||
| COSIGN_EXPERIMENTAL: "true" |
There was a problem hiding this comment.
you don't need this anymore since you are using cosign > v2.x here
| QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }} | ||
| COSIGN_EXPERIMENTAL: "true" | ||
| run: | | ||
| cosign sign jaeger-build@${{ steps.digest.outputs.imagedigest }} |
There was a problem hiding this comment.
you can read more about the risks of script injections: docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
There was a problem hiding this comment.
Any suggestion plz! cosign sign jaeger-build@${{ steps.digest.outputs.imagedigest }} didn't work for me.
| - name: Get Image Digest | ||
| id: digest | ||
| run: | | ||
| echo "imagedigest=$(docker images jaeger-build:${{ steps.tags.outputs.tag }} --digests --quiet --no-trunc)" >> $GITHUB_OUTPUT |
There was a problem hiding this comment.
(Optional) there are some tools that I can help you to find the digest of the image like crane, regctl, etc, without having the image stored locally.
There was a problem hiding this comment.
sure, plz! suggestions are welcome too. 😄
I had been trying hard to get the digest, but failed.
|
@developer-guy can you take a look again? Thanks. |
|
Heyya @developer-guy it's been quite while now since you took up this. LMK how we can proceed further. Hope you can do this weekend. |
Signed-off-by: Afzal <[email protected]>
afzal442
pushed a commit
that referenced
this pull request
Feb 12, 2024
## Which problem is this PR solving? - Third prototype of "Jaeger-v2" - Another alternative approach to jaegertracing#3500 ## Description of the changes - Adds a new binary `jaeger-v2` using OTEL Collector framework - Minimal amount of extensions is included, to mimic what `jaeger-collector` normally has - It will combine all previous functions of agent/collector/query in one binary, but controllable via config file ``` $ go run -tags=ui ./cmd/jaeger-v2 --config ./cmd/jaeger-v2/config.yaml ``` ## Roadmap https://docs.google.com/document/d/1s4_6VgAS7qAVp6iEm5KYvpiGw3h2Ja5T5HpKo29iv00/edit ## Design * the ingestion and storing of traces will be done via standard receivers/processors/exporters OTEL Collector components * the jaeger-query and UI are implemented as `jaeger_query` extension (already working in this PR) ### Storage In order to keep the flexibility of mixing & matching storage implementations, all backends can be configured via `jaeger_storage` extension (we may need to add `jaeger_metrics_storage` extension in the future). It might look like this: ```yaml jaeger_storage: memory: # defines Factory memstore: max_traces: 100000 cassandra: cassandra_primary: servers: [...] namespace: jaeger cassandra_archive: servers: [...] namespace: jaeger_archive ``` The `jaeger_query` extension then references specific storage factories by name: ```yaml jaeger_query: trace_storage: memstore dependencies: something_else metrics_store: prometheus_store ``` It's not clear yet if `jaeger_query` extension should simply subsume `jaeger_storage` extension, because Query is the only one that needs this _generic_ access to storage, while things like exporters or Kafka ingester (receiver) always deal with a single implementation (because OTEL Coll pipeline allows to connect them with each other, which is not possible with extensions). ## Trade-offs - This not using OTEL Collector builder `ocb`. That means people won't be able to assemble a different version of the collector with other extensions. - We may want to support `ocb` in the future, as it makes it easier to write custom in-process exporters for custom storage. It will require converting all the components into their own modules. ## Next steps * [x] Get feedback from the community on the approach * [x] Fully implement all-in-one by wiring receivers / exporters correctly ## Open Questions * How can we implement all-in-one equivalent that can be run without any config file? * Do we want [healthcheckextension](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/extension/healthcheckextension/README.md) to be included by default? * Investigate startup error `2023-09-23T19:55:46.661-0400 warn zapgrpc/zapgrpc.go:195 [core] [Channel #2 SubChannel #3] grpc: addrConn.createTransport failed to connect to {Addr: ":16685", ServerName: "localhost:16685", }. Err: connection error: desc = "transport: Error while dialing: dial tcp :16685: connect: connection refused" {"grpc_log": true}` --------- Signed-off-by: Yuri Shkuro <[email protected]> Signed-off-by: Yuri Shkuro <[email protected]> Co-authored-by: Albert <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.