mirror of https://github.com/knative/pkg.git
upgrade to latest dependencies (#2609)
bumping knative.dev/hack 52a87e1...3fdc50b: > 3fdc50b Remove Signing Feature Gate (# 236) > 2d67db5 generate provenances (# 237) Signed-off-by: Knative Automation <automation@knative.team> Signed-off-by: Knative Automation <automation@knative.team>
parent
21d3b47e2e
commit
714b7630a8
2
go.mod
2
go.mod
|
|
@ -50,7 +50,7 @@ require (
|
|||
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185
|
||||
k8s.io/klog/v2 v2.70.2-0.20220707122935-0990e81f1a8f
|
||||
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
|
||||
knative.dev/hack v0.0.0-20221006013832-52a87e1514cb
|
||||
knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a
|
||||
sigs.k8s.io/yaml v1.3.0
|
||||
)
|
||||
|
||||
|
|
|
|||
4
go.sum
4
go.sum
|
|
@ -970,8 +970,8 @@ k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkI
|
|||
k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
|
||||
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
|
||||
k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
|
||||
knative.dev/hack v0.0.0-20221006013832-52a87e1514cb h1:2nuaaUM1scgTG8/V3py7om8Zj7k+r/i1eKtcVEST8Io=
|
||||
knative.dev/hack v0.0.0-20221006013832-52a87e1514cb/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
|
||||
knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a h1:yfq1OMrkyYkxDeM0pmAOeN4YF16R/WG0C+VvLBeq4uc=
|
||||
knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
|
||||
pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U=
|
||||
pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU=
|
||||
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
|
||||
|
|
|
|||
|
|
@ -314,7 +314,7 @@ function build_from_source() {
|
|||
|
||||
# Build a release from source.
|
||||
function sign_release() {
|
||||
if [ -z "${SIGN_IMAGES:-}" ]; then # Temporary Feature Gate
|
||||
if (( ! IS_PROW )); then # This function can't be run by devs on their laptops
|
||||
return 0
|
||||
fi
|
||||
|
||||
|
|
@ -331,26 +331,29 @@ function sign_release() {
|
|||
zip files.zip ${FILES}
|
||||
rcodesign notary-submit files.zip --api-key-path="${APPLE_NOTARY_API_KEY}" --wait
|
||||
sha256sum ${ARTIFACTS_TO_PUBLISH//checksums.txt/} > checksums.txt
|
||||
echo "🧮 Post Notarization Checksum:"
|
||||
cat checksums.txt
|
||||
fi
|
||||
|
||||
ID_TOKEN=$(gcloud auth print-identity-token --audiences=sigstore \
|
||||
--include-email \
|
||||
--impersonate-service-account="${SIGNING_IDENTITY}")
|
||||
echo "Signing Images with the identity ${SIGNING_IDENTITY}"
|
||||
## Sign the images with cosign
|
||||
## For now, check if ko has created imagerefs.txt file. In the future, missing image refs will break
|
||||
## the release for all jobs that publish images.
|
||||
if [[ -f "imagerefs.txt" ]]; then
|
||||
echo "Signing Images with the identity ${SIGNING_IDENTITY}"
|
||||
COSIGN_EXPERIMENTAL=1 cosign sign $(cat imagerefs.txt) --recursive --identity-token="$(
|
||||
gcloud auth print-identity-token --audiences=sigstore \
|
||||
--include-email \
|
||||
--impersonate-service-account="${SIGNING_IDENTITY}")"
|
||||
COSIGN_EXPERIMENTAL=1 cosign sign $(cat imagerefs.txt) --recursive --identity-token="${ID_TOKEN}"
|
||||
if [ -n "${ATTEST_IMAGES:-}" ]; then # Temporary Feature Gate
|
||||
provenance-generator --clone-log=/logs/clone.json \
|
||||
--image-refs=imagerefs.txt --output=attestation.json
|
||||
COSIGN_EXPERIMENTAL=1 cosign attest $(cat imagerefs.txt) --recursive --identity-token="${ID_TOKEN}" \
|
||||
--predicate=attestation.json --type=slsaprovenance
|
||||
fi
|
||||
fi
|
||||
|
||||
## Check if there is checksums.txt file. If so, sign the checksum file
|
||||
if [[ -f "checksums.txt" ]]; then
|
||||
echo "Signing Images with the identity ${SIGNING_IDENTITY}"
|
||||
COSIGN_EXPERIMENTAL=1 cosign sign-blob checksums.txt --output-signature=checksums.txt.sig --output-certificate=checksums.txt.pem --identity-token="$(
|
||||
gcloud auth print-identity-token --audiences=sigstore \
|
||||
--include-email \
|
||||
--impersonate-service-account="${SIGNING_IDENTITY}")"
|
||||
COSIGN_EXPERIMENTAL=1 cosign sign-blob checksums.txt --output-signature=checksums.txt.sig --output-certificate=checksums.txt.pem --identity-token="${ID_TOKEN}"
|
||||
ARTIFACTS_TO_PUBLISH="${ARTIFACTS_TO_PUBLISH} checksums.txt.sig checksums.txt.pem"
|
||||
fi
|
||||
}
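Review bot: `ID_TOKEN` is assigned once near the top of this hunk, without `local` and without a check that the impersonation call succeeded, and is then reused by `cosign sign`, `cosign attest` and `cosign sign-blob`. Unless the script runs under `set -e` (not visible here), a failed `gcloud auth print-identity-token` leaves the variable empty and the signing steps still run with `--identity-token=""`; a guard such as `[[ -n "${ID_TOKEN}" ]] || return 1` right after the assignment would make the release fail closed. Declaring `local ID_TOKEN` on its own line before the assignment would keep the credential scoped to `sign_release`, whose body starts in the previous hunk and is only partly shown; the token is also still passed as a command-line argument, so it would appear in job logs if `set -x` tracing is ever enabled. The previous hunk appears to swap the `SIGN_IMAGES` gate for an `IS_PROW` check, so this path now runs on every Prow release and an unchecked token has more impact than before. This looks like the vendored copy of the knative.dev/hack release script (the file header is not on the page), so any fix would belong upstream.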
|
||||
|
|
|
|||
|
|
@ -1116,7 +1116,7 @@ k8s.io/utils/net
|
|||
k8s.io/utils/pointer
|
||||
k8s.io/utils/strings/slices
|
||||
k8s.io/utils/trace
|
||||
# knative.dev/hack v0.0.0-20221006013832-52a87e1514cb
|
||||
# knative.dev/hack v0.0.0-20221010154335-3fdc50b9c24a
|
||||
## explicit; go 1.18
|
||||
knative.dev/hack
|
||||
# sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2
|
||||
|
|
|
|||