Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#
# Copyright 2021 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: CI-Validate-Release-Job
on:
push:
branches:
- main
- release-*
pull_request:
jobs:
validate-release-job:
runs-on: ubuntu-latest
permissions:
actions: none
checks: none
contents: none
deployments: none
issues: none
packages: none
pull-requests: none
repository-projects: none
security-events: none
statuses: none
CROSS_BUILDER_IMAGE: ghcr.io/gythialy/golang-cross:v1.17.7-0@sha256:949325ffc52c16867d78412ce70f5ce531812c20e7528ae70dc9e718d72223e8
COSIGN_IMAGE: gcr.io/projectsigstore/cosign:v1.5.1@sha256:6247b2e693b0e6a62dcfa75eb46b698c1f4cd1aca36aaefafd4bbb2f2b2af717
- uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3
- name: Extract version of Go to use
run: echo "GOVERSION=$(cat Dockerfile|grep golang | awk ' { print $2 } ' | cut -d '@' -f 1 | cut -d ':' -f 2 | uniq)" >> $GITHUB_ENV
- uses: actions/setup-go@f6164bd8c8acb4a71fb2791a8b6c4024ff038dab # v3.0.0
with:
go-version: ${{ env.GOVERSION }}
- uses: anchore/sbom-action/download-syft@3626d7d7b13e87ee6c6f9ded3940dea05a3967bc # v0.6.0
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@b953231f81b8dfd023c58e0854a721e35037f28b # v2.9.1
with:
install-only: true
- name: Check Signature
run: |
docker run --rm \
-e COSIGN_EXPERIMENTAL=true \
-e TUF_ROOT=/tmp \
$COSIGN_IMAGE \
verify \
$CROSS_BUILDER_IMAGE
- name: snaphot
run: make snapshot
env:
PROJECT_ID: honk-fake-project
RUNTIME_IMAGE: gcr.io/distroless/static:debug-nonroot
- name: check binaries
run: |
./dist/rekor-server-linux-amd64 version
./dist/rekor-cli-linux-amd64 version