Skip to content

Commit

Permalink
chore: rename script references to cosigned
Browse files Browse the repository at this point in the history
Signed-off-by: hectorj2f <[email protected]>
  • Loading branch information
hectorj2f committed May 18, 2022
1 parent f46cbd4 commit f7f1b01
Show file tree
Hide file tree
Showing 12 changed files with 48 additions and 308 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ jobs:
run: gcloud auth configure-docker --quiet
- name: container
run: echo -n "${{secrets.COSIGN_PASSWORD}}" | KO_PREFIX=gcr.io/projectsigstore/cosign/ci make sign-container
- name: cosigned
run: echo -n "${{secrets.COSIGN_PASSWORD}}" | KO_PREFIX=gcr.io/projectsigstore/cosign/ci make sign-cosigned
- name: policy-controller
run: echo -n "${{secrets.COSIGN_PASSWORD}}" | KO_PREFIX=gcr.io/projectsigstore/cosign/ci make sign-policy-controller
- name: sget
run: echo -n "${{secrets.COSIGN_PASSWORD}}" | KO_PREFIX=gcr.io/projectsigstore/cosign/ci make sign-sget
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: Test cosigned with ClusterImagePolicy with attestations
name: Test policy-controller with ClusterImagePolicy with attestations

on:
pull_request:
Expand Down Expand Up @@ -40,7 +40,7 @@ jobs:

env:
KNATIVE_VERSION: "1.1.0"
KO_DOCKER_REPO: "registry.local:5000/cosigned"
KO_DOCKER_REPO: "registry.local:5000/policy-controller"
SCAFFOLDING_RELEASE_VERSION: "v0.2.8"
GO111MODULE: on
GOFLAGS: -ldflags=-s -ldflags=-w
Expand Down Expand Up @@ -74,17 +74,17 @@ jobs:
- name: Install cluster + cosign
uses: sigstore/scaffolding/actions/setup@main

- name: Install cosigned
- name: Install policy-controller
env:
GIT_HASH: ${{ github.sha }}
GIT_VERSION: ci
LDFLAGS: ""
COSIGNED_YAML: cosigned-e2e.yaml
KO_PREFIX: registry.local:5000/cosigned
COSIGNED_YAML: policy-controller-e2e.yaml
KO_PREFIX: registry.local:5000/cospolicy-controllerigned
COSIGNED_ARCHS: linux/amd64
run: |
make ko-cosigned
kubectl apply -f cosigned-e2e.yaml
make ko-policy-controller
kubectl apply -f policy-controller-e2e.yaml
# Wait for the webhook to come up and become Ready
kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/kind-cluster-image-policy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

name: Test cosigned with ClusterImagePolicy
name: Test policy-controller with ClusterImagePolicy

on:
pull_request:
Expand Down Expand Up @@ -40,7 +40,7 @@ jobs:

env:
KNATIVE_VERSION: "1.1.0"
KO_DOCKER_REPO: "registry.local:5000/cosigned"
KO_DOCKER_REPO: "registry.local:5000/policy-controller"
SCAFFOLDING_RELEASE_VERSION: "v0.2.2"
GO111MODULE: on
GOFLAGS: -ldflags=-s -ldflags=-w
Expand Down Expand Up @@ -74,17 +74,17 @@ jobs:
- name: Install cluster + cosign
uses: sigstore/scaffolding/actions/setup@main

- name: Install cosigned
- name: Install policy-controller
env:
GIT_HASH: ${{ github.sha }}
GIT_VERSION: ci
LDFLAGS: ""
COSIGNED_YAML: cosigned-e2e.yaml
KO_PREFIX: registry.local:5000/cosigned
COSIGNED_YAML: policy-controller-e2e.yaml
KO_PREFIX: registry.local:5000/policy-controller
COSIGNED_ARCHS: linux/amd64
run: |
make ko-cosigned
kubectl apply -f cosigned-e2e.yaml
make ko-policy-controller
kubectl apply -f policy-controller-e2e.yaml
# Wait for the webhook to come up and become Ready
kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/kind-e2e-cosigned.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:
REGISTRY_PORT: 5000
INSECURE_REGISTRY_NAME: insecure-registry.notlocal
INSECURE_REGISTRY_PORT: 5001
KO_DOCKER_REPO: registry.local:5000/cosigned
KO_DOCKER_REPO: registry.local:5000/policy-controller

steps:
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v2.4.0
Expand Down Expand Up @@ -97,17 +97,17 @@ jobs:
# local registry, even when pushing $INSECURE_REGISTRY_NAME:$INSECURE_REGISTRY_NAME/some/image
sudo echo "127.0.0.1 $INSECURE_REGISTRY_NAME" | sudo tee -a /etc/hosts
- name: Install cosigned
- name: Install policy-controller
env:
GIT_HASH: ${{ github.sha }}
GIT_VERSION: ci
LDFLAGS: ""
COSIGNED_YAML: cosigned-e2e.yaml
KO_PREFIX: registry.local:5000/cosigned
COSIGNED_YAML: policy-controller-e2e.yaml
KO_PREFIX: registry.local:5000/policy-controller
COSIGNED_ARCHS: linux/amd64
run: |
make ko-cosigned
kubectl apply -f cosigned-e2e.yaml
make ko-policy-controller
kubectl apply -f policy-controller-e2e.yaml
# Wait for the webhook to come up and become Ready
kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook
Expand All @@ -123,7 +123,7 @@ jobs:
- name: Run Cosigned Tests
run: |
./test/e2e_test_cosigned.sh
./test/e2e_test_policy_controller.sh
- name: Collect diagnostics
if: ${{ failure() }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/kind-verify-attestation.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ jobs:

env:
KNATIVE_VERSION: "1.1.0"
KO_DOCKER_REPO: "registry.local:5000/cosigned"
KO_DOCKER_REPO: "registry.local:5000/policy-controller"
SCAFFOLDING_RELEASE_VERSION: "v0.2.2"
GO111MODULE: on
GOFLAGS: -ldflags=-s -ldflags=-w
Expand Down
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
bin*
dist/
cosignImagerefs
cosignedImagerefs
policyControllerImagerefs
sgetImagerefs
policyImagerefs

Expand Down
2 changes: 1 addition & 1 deletion .ko.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ builds:
- -extldflags "-static"
- "{{ .Env.LDFLAGS }}"

- id: cosigned
- id: policy-controller
dir: .
main: ./cmd/cosign/webhook
env:
Expand Down
24 changes: 12 additions & 12 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -91,9 +91,9 @@ cosign: $(SRCS)
cosign-pivkey-pkcs11key: $(SRCS)
CGO_ENABLED=1 go build -trimpath -tags=pivkey,pkcs11key -ldflags "$(LDFLAGS)" -o cosign ./cmd/cosign

## Build cosigned binary
.PHONY: cosigned
cosigned: policy-webhook
## Build policy-controller binary
.PHONY: policy-controller
policy-controller: policy-webhook
CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/cosign/webhook

.PHONY: policy-webhook
Expand Down Expand Up @@ -128,7 +128,7 @@ test:

clean:
rm -rf cosign
rm -rf cosigned
rm -rf policy-controller
rm -rf sget
rm -rf dist/

Expand All @@ -151,7 +151,7 @@ endef
# ko build
##########
.PHONY: ko
ko: ko-cosign ko-sget ko-cosigned
ko: ko-cosign ko-sget ko-policy-controller

.PHONY: ko-cosign
ko-cosign:
Expand All @@ -171,13 +171,13 @@ ko-sget:
--image-refs sgetImagerefs \
github.com/sigstore/cosign/cmd/sget

.PHONY: ko-cosigned
ko-cosigned: kustomize-cosigned ko-policy-webhook
# cosigned
.PHONY: ko-policy-controller
ko-policy-controller: kustomize-policy-controller ko-policy-webhook
# policy-controller
LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
KOCACHE=$(KOCACHE_PATH) KO_DOCKER_REPO=$(KO_PREFIX)/cosigned ko resolve --bare \
KOCACHE=$(KOCACHE_PATH) KO_DOCKER_REPO=$(KO_PREFIX)/policy-controller ko resolve --bare \
--platform=$(COSIGNED_ARCHS) --tags $(GIT_VERSION) --tags $(GIT_HASH)$(LATEST_TAG) \
--image-refs cosignedImagerefs --filename config/webhook.yaml >> $(COSIGNED_YAML)
--image-refs policyControllerImagerefs --filename config/webhook.yaml >> $(COSIGNED_YAML)

ko-policy-webhook:
# policy_webhook
Expand Down Expand Up @@ -212,8 +212,8 @@ ko-apply:
LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) ko apply -Bf config/


.PHONY: kustomize-cosigned
kustomize-cosigned:
.PHONY: kustomize-policy-controller
kustomize-policy-controller:
kustomize build config/ > $(COSIGNED_YAML)

##################
Expand Down
4 changes: 2 additions & 2 deletions hack/update-codegen.sh
Original file line number Diff line number Diff line change
Expand Up @@ -45,15 +45,15 @@ group "Kubernetes Codegen"
# instead of the $GOPATH directly. For normal projects this can be dropped.
${CODEGEN_PKG}/generate-groups.sh "deepcopy,client,informer,lister" \
github.com/sigstore/cosign/pkg/client github.com/sigstore/cosign/pkg/apis \
"cosigned:v1alpha1 cosigned:v1beta1" \
"policycontroller:v1alpha1 policycontroller:v1beta1" \
--go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt

group "Knative Codegen"

# Knative Injection
${KNATIVE_CODEGEN_PKG}/hack/generate-knative.sh "injection" \
github.com/sigstore/cosign/pkg/client github.com/sigstore/cosign/pkg/apis \
"cosigned:v1alpha1 cosigned:v1beta1" \
"policycontroller:v1alpha1 policycontroller:v1beta1" \
--go-header-file ${REPO_ROOT_DIR}/hack/boilerplate/boilerplate.go.txt

group "Update CRD Schema"
Expand Down
8 changes: 4 additions & 4 deletions release/ko-sign-release-images.sh
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@ if [[ ! -f sgetImagerefs ]]; then
exit 1
fi

if [[ ! -f cosignedImagerefs ]]; then
echo "cosignedImagerefs not found"
if [[ ! -f policyControllerImagerefs ]]; then
echo "policyControllerImagerefs not found"
exit 1
fi

Expand All @@ -51,11 +51,11 @@ echo "Signing cosign images with GCP KMS Key..."

cosign sign --force --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat cosignImagerefs)"
cosign sign --force --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat sgetImagerefs)"
cosign sign --force --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat cosignedImagerefs)"
cosign sign --force --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat policyControllerImagerefs)"
cosign sign --force --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat policyImagerefs)"

echo "Signing images with Keyless..."
cosign sign --force -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat cosignImagerefs)"
cosign sign --force -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat sgetImagerefs)"
cosign sign --force -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat cosignedImagerefs)"
cosign sign --force -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat policyControllerImagerefs)"
cosign sign --force -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" "$(cat policyImagerefs)"
8 changes: 4 additions & 4 deletions release/release.mk
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ snapshot:
copy-cosign-signed-release-to-ghcr:
cosign copy $(KO_PREFIX)/cosign:$(GIT_VERSION) $(GHCR_PREFIX)/cosign:$(GIT_VERSION)

.PHONY: copy-cosigned-signed-release-to-ghcr
copy-cosigned-signed-release-to-ghcr:
cosign copy $(KO_PREFIX)/cosigned:$(GIT_VERSION) $(GHCR_PREFIX)/cosigned:$(GIT_VERSION)
.PHONY: copy-policy-controller-signed-release-to-ghcr
copy-policy-controller-signed-release-to-ghcr:
cosign copy $(KO_PREFIX)/policy-controller:$(GIT_VERSION) $(GHCR_PREFIX)/policy-controller:$(GIT_VERSION)

.PHONY: copy-policy-webhook-signed-release-to-ghcr
copy-policy-webhook-signed-release-to-ghcr:
Expand All @@ -41,4 +41,4 @@ copy-sget-signed-release-to-ghcr:
cosign copy $(KO_PREFIX)/sget:$(GIT_VERSION) $(GHCR_PREFIX)/sget:$(GIT_VERSION)

.PHONY: copy-signed-release-to-ghcr
copy-signed-release-to-ghcr: copy-cosign-signed-release-to-ghcr copy-cosigned-signed-release-to-ghcr copy-sget-signed-release-to-ghcr copy-policy-webhook-signed-release-to-ghcr
copy-signed-release-to-ghcr: copy-cosign-signed-release-to-ghcr copy-policy-controller-signed-release-to-ghcr copy-sget-signed-release-to-ghcr copy-policy-webhook-signed-release-to-ghcr
Loading

0 comments on commit f7f1b01

Please sign in to comment.