ci: update rc workflow
- update job name
- enable cosign verification

Signed-off-by: Ahmed AbouZaid <[email protected]>
aabouzaid committed Oct 11, 2024
1 parent cdb8bee commit 948a1cd
Showing 3 changed files with 50 additions and 33 deletions.
64 changes: 38 additions & 26 deletions .github/workflows/chart-release-candidate.yaml
@@ -4,43 +4,55 @@ on:
push:
branches:
- release-candidate*
- 2404-aa-update-rc-workflow

jobs:
release:
name: Release Candidate
uses: ./.github/workflows/chart-release-template.yaml
with:
branch: ${{ github.ref_name }}
workflow-ref: chart-release-template.yaml
# chart-matrix: |
# [
# {
# "name": "Helm Chart RC - 8.2",
# "directory": "charts/camunda-platform-8.2",
# "versionSuffix": "rc-8.2",
# "override": true
# },
# {
# "name": "Helm Chart RC - 8.3",
# "directory": "charts/camunda-platform-8.3",
# "versionSuffix": "rc-8.3",
# "override": true
# },
# {
# "name": "Helm Chart RC - 8.4",
# "directory": "charts/camunda-platform-8.4",
# "versionSuffix": "rc-8.4",
# "override": true
# },
# {
# "name": "Helm Chart RC - 8.5",
# "directory": "charts/camunda-platform-8.5",
# "versionSuffix": "rc-8.5",
# "override": true
# },
# {
# "name": "Helm Chart RC - 8.6",
# "directory": "charts/camunda-platform-8.6",
# "versionSuffix": "rc-8.6",
# "override": true
# }
# ]

chart-matrix: |
[
{
"name": "Helm Chart rolling - 8.2",
"name": "Helm Chart RC - 8.2",
"directory": "charts/camunda-platform-8.2",
"versionSuffix": "rc-8.2",
"override": true
},
{
"name": "Helm Chart rolling - 8.3",
"directory": "charts/camunda-platform-8.3",
"versionSuffix": "rc-8.3",
"override": true
},
{
"name": "Helm Chart rolling - 8.4",
"directory": "charts/camunda-platform-8.4",
"versionSuffix": "rc-8.4",
"override": true
},
{
"name": "Helm Chart rolling - 8.5",
"directory": "charts/camunda-platform-8.5",
"versionSuffix": "rc-8.5",
"override": true
},
{
"name": "Helm Chart rolling - 8.6",
"directory": "charts/camunda-platform-8.6",
"versionSuffix": "rc-8.6",
"versionSuffix": "test-8.2",
"override": true
}
]
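Review bot: The push trigger now lists `- 2404-aa-update-rc-workflow` beside `release-candidate*`, which reads like a personal working branch, so every push to it would run the release template and, presumably via `"override": true`, sign and publish over existing chart artifacts. The active matrix also appears cut down to a single 8.2 entry with `"versionSuffix": "test-8.2"`, while the five-entry RC matrix sits commented out above it. Which lines are additions is inferred here, because the page has lost its +/- markers. If this is test scaffolding it should not reach the default branch: drop the extra branch line, restore the full matrix with `"versionSuffix": "rc-8.2"`, and delete the commented copy.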
1 change: 1 addition & 0 deletions .github/workflows/chart-release-snapshot.yaml
@@ -15,6 +15,7 @@ jobs:
uses: ./.github/workflows/chart-release-template.yaml
with:
branch: ${{ github.ref_name }}
workflow-ref: chart-release-template.yaml
chart-matrix: |
[
{
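Review bot: The new `workflow-ref: chart-release-template.yaml` line has no comment explaining why it names the called template rather than this snapshot workflow, so a later reader could "correct" it to the caller's file name and break verification. As far as I know, keyless certificates issued for a job inside a reusable workflow carry the called workflow's ref as their identity, which would be why the template's own name has to match. I would add above the line: `# Must be the reusable workflow's file name: the cosign certificate identity is the called workflow's ref, not the caller's.` The same line is added in chart-release-candidate.yaml and would benefit from the same comment.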
18 changes: 11 additions & 7 deletions .github/workflows/chart-release-template.yaml
@@ -11,6 +11,10 @@ on:
description: List of charts to release.
required: true
type: string
workflow-ref:
description: The reference of the workflow which will be used sign the chart OCI artifact in keyless mode.
required: true
type: string

jobs:
clean:
@@ -134,13 +138,13 @@ jobs:
run: |
cosign sign-blob -y ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz \
--bundle ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle
# - name: Verify signed Helm chart with Cosign
# if: env.PUBLISH_ARTIFACT == 'true'
# run: |
# cosign verify-blob ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz \
# --bundle ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle \
# --certificate-identity "https://github.com/${GITHUB_WORKFLOW_REF}" \
# --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
- name: Verify signed Helm chart with Cosign
if: env.PUBLISH_ARTIFACT == 'true'
run: |
cosign verify-blob ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.tgz \
--bundle ${{ env.CHART_NAME }}-${{ env.CHART_VERSION }}.cosign.bundle \
--certificate-identity "https://github.com/${{ github.repository }}/.github/workflows/${{ inputs.workflow-ref }}@refs/heads/${{ inputs.branch }}" \
--certificate-oidc-issuer "https://token.actions.githubusercontent.com"
- name: Login to GitHub Container Registry
if: env.PUBLISH_ARTIFACT == 'true'
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
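Review bot: The `--certificate-identity` argument in the re-enabled verify step expands `${{ inputs.workflow-ref }}` and `${{ inputs.branch }}` directly inside the `run:` script, so their values are pasted into the shell text before it executes; `branch` is fed from `github.ref_name` by the callers, and a branch name is not a safe string to splice into a script. Build the value in the step's `env:` block instead, as `CERT_IDENTITY: https://github.com/${{ github.repository }}/.github/workflows/${{ inputs.workflow-ref }}@refs/heads/${{ inputs.branch }}`, and pass it as `--certificate-identity "${CERT_IDENTITY}"`. The hard-coded `refs/heads/` prefix also means verification can only pass for branch runs, which deserves a one-line comment. In the first hunk the input description reads "will be used sign" and should say "used to sign". The job's other steps lie outside the visible hunks.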