Notarize all nightlies and release jobs

prow/jobs/generated/knative-sandbox/kn-plugin-admin-main.gen.yaml

@@ -67,9 +67,13 @@ periodics:
       - ./hack/release.sh
       - --publish
       - --tag-release
+      - --apple-codesign-key
+      - /etc/notary/cert.p12
+      - --apple-notary-api-key
+      - /etc/notary/key.json
+      - --apple-codesign-password-file
+      - /etc/notary/password
       env:
-      - name: GOOGLE_APPLICATION_CREDENTIALS
-        value: /etc/nightly-account/service-account.json
       - name: SIGN_IMAGES
         value: "true"
       image: gcr.io/knative-tests/test-infra/prow-tests:v20221005-aef947d7
@@ -78,19 +82,24 @@ periodics:
       securityContext:
         privileged: true
       volumeMounts:
-      - mountPath: /etc/nightly-account
-        name: nightly-account
+      - mountPath: /etc/notary
+        name: apple-notary-creds
         readOnly: true
     nodeSelector:
       kubernetes.io/arch: amd64
       type: testing
+    serviceAccountName: nightly
     volumes:
-    - name: nightly-account
+    - name: apple-notary-creds
       secret:
         items:
-        - key: nightly.json
-          path: service-account.json
-        secretName: prow-google-credentials
+        - key: notary-api-key
+          path: key.json
+        - key: signing-certificate
+          path: cert.p12
+        - key: signing-certificate-password
+          path: password
+        secretName: apple-notary-creds
 - annotations:
     testgrid-dashboards: kn-plugin-admin
     testgrid-tab-name: release
@@ -115,11 +124,17 @@ periodics:
       - gcr.io/knative-releases
       - --github-token
       - /etc/hub-token/token
+      - --apple-codesign-key
+      - /etc/notary/cert.p12
+      - --apple-notary-api-key
+      - /etc/notary/key.json
+      - --apple-codesign-password-file
+      - /etc/notary/password
       env:
-      - name: GOOGLE_APPLICATION_CREDENTIALS
-        value: /etc/release-account/service-account.json
       - name: E2E_CLUSTER_REGION
         value: us-central1
+      - name: SIGN_IMAGES
+        value: "true"
       - name: ORG_NAME
         value: knative-sandbox
       image: gcr.io/knative-tests/test-infra/prow-tests:v20221005-aef947d7
@@ -131,25 +146,30 @@ periodics:
       - mountPath: /etc/hub-token
         name: hub-token
         readOnly: true
-      - mountPath: /etc/release-account
-        name: release-account
+      - mountPath: /etc/notary
+        name: apple-notary-creds
         readOnly: true
     nodeSelector:
       kubernetes.io/arch: amd64
       type: testing
+    serviceAccountName: release
     volumes:
     - name: hub-token
       secret:
         items:
         - key: hub_token
           path: token
         secretName: github-credentials
-    - name: release-account
+    - name: apple-notary-creds
       secret:
         items:
-        - key: release.json
-          path: service-account.json
-        secretName: prow-google-credentials
+        - key: notary-api-key
+          path: key.json
+        - key: signing-certificate
+          path: cert.p12
+        - key: signing-certificate-password
+          path: password
+        secretName: apple-notary-creds
 presubmits:
   knative-sandbox/kn-plugin-admin:
   - always_run: true

prow/jobs/generated/knative-sandbox/kn-plugin-event-main.gen.yaml

@@ -67,9 +67,13 @@ periodics:
       - ./hack/release.sh
       - --publish
       - --tag-release
+      - --apple-codesign-key
+      - /etc/notary/cert.p12
+      - --apple-notary-api-key
+      - /etc/notary/key.json
+      - --apple-codesign-password-file
+      - /etc/notary/password
       env:
-      - name: GOOGLE_APPLICATION_CREDENTIALS
-        value: /etc/nightly-account/service-account.json
       - name: SIGN_IMAGES
         value: "true"
       image: gcr.io/knative-tests/test-infra/prow-tests:v20221005-aef947d7
@@ -78,19 +82,24 @@ periodics:
       securityContext:
         privileged: true
       volumeMounts:
-      - mountPath: /etc/nightly-account
-        name: nightly-account
+      - mountPath: /etc/notary
+        name: apple-notary-creds
         readOnly: true
     nodeSelector:
       kubernetes.io/arch: amd64
       type: testing
+    serviceAccountName: nightly
     volumes:
-    - name: nightly-account
+    - name: apple-notary-creds
       secret:
         items:
-        - key: nightly.json
-          path: service-account.json
-        secretName: prow-google-credentials
+        - key: notary-api-key
+          path: key.json
+        - key: signing-certificate
+          path: cert.p12
+        - key: signing-certificate-password
+          path: password
+        secretName: apple-notary-creds
 - annotations:
     testgrid-dashboards: kn-plugin-event
     testgrid-tab-name: release
@@ -115,11 +124,17 @@ periodics:
       - gcr.io/knative-releases
       - --github-token
       - /etc/hub-token/token
+      - --apple-codesign-key
+      - /etc/notary/cert.p12
+      - --apple-notary-api-key
+      - /etc/notary/key.json
+      - --apple-codesign-password-file
+      - /etc/notary/password
       env:
-      - name: GOOGLE_APPLICATION_CREDENTIALS
-        value: /etc/release-account/service-account.json
       - name: E2E_CLUSTER_REGION
         value: us-central1
+      - name: SIGN_IMAGES
+        value: "true"
       - name: ORG_NAME
         value: knative-sandbox
       image: gcr.io/knative-tests/test-infra/prow-tests:v20221005-aef947d7
@@ -131,25 +146,30 @@ periodics:
       - mountPath: /etc/hub-token
         name: hub-token
         readOnly: true
-      - mountPath: /etc/release-account
-        name: release-account
+      - mountPath: /etc/notary
+        name: apple-notary-creds
         readOnly: true
     nodeSelector:
       kubernetes.io/arch: amd64
       type: testing
+    serviceAccountName: release
     volumes:
     - name: hub-token
       secret:
         items:
         - key: hub_token
           path: token
         secretName: github-credentials
-    - name: release-account
+    - name: apple-notary-creds
       secret:
         items:
-        - key: release.json
-          path: service-account.json
-        secretName: prow-google-credentials
+        - key: notary-api-key
+          path: key.json
+        - key: signing-certificate
+          path: cert.p12
+        - key: signing-certificate-password
+          path: password
+        secretName: apple-notary-creds
 presubmits:
   knative-sandbox/kn-plugin-event:
   - always_run: true

prow/jobs/generated/knative-sandbox/kn-plugin-operator-main.gen.yaml

@@ -67,9 +67,13 @@ periodics:
       - ./hack/release.sh
       - --publish
       - --tag-release
+      - --apple-codesign-key
+      - /etc/notary/cert.p12
+      - --apple-notary-api-key
+      - /etc/notary/key.json
+      - --apple-codesign-password-file
+      - /etc/notary/password
       env:
-      - name: GOOGLE_APPLICATION_CREDENTIALS
-        value: /etc/nightly-account/service-account.json
       - name: SIGN_IMAGES
         value: "true"
       image: gcr.io/knative-tests/test-infra/prow-tests:v20221005-aef947d7
@@ -78,19 +82,24 @@ periodics:
       securityContext:
         privileged: true
       volumeMounts:
-      - mountPath: /etc/nightly-account
-        name: nightly-account
+      - mountPath: /etc/notary
+        name: apple-notary-creds
         readOnly: true
     nodeSelector:
       kubernetes.io/arch: amd64
       type: testing
+    serviceAccountName: nightly
     volumes:
-    - name: nightly-account
+    - name: apple-notary-creds
       secret:
         items:
-        - key: nightly.json
-          path: service-account.json
-        secretName: prow-google-credentials
+        - key: notary-api-key
+          path: key.json
+        - key: signing-certificate
+          path: cert.p12
+        - key: signing-certificate-password
+          path: password
+        secretName: apple-notary-creds
 - annotations:
     testgrid-dashboards: kn-plugin-operator
     testgrid-tab-name: release
@@ -115,11 +124,17 @@ periodics:
       - gcr.io/knative-releases
       - --github-token
       - /etc/hub-token/token
+      - --apple-codesign-key
+      - /etc/notary/cert.p12
+      - --apple-notary-api-key
+      - /etc/notary/key.json
+      - --apple-codesign-password-file
+      - /etc/notary/password
       env:
-      - name: GOOGLE_APPLICATION_CREDENTIALS
-        value: /etc/release-account/service-account.json
       - name: E2E_CLUSTER_REGION
         value: us-central1
+      - name: SIGN_IMAGES
+        value: "true"
       - name: ORG_NAME
         value: knative-sandbox
       image: gcr.io/knative-tests/test-infra/prow-tests:v20221005-aef947d7
@@ -131,25 +146,30 @@ periodics:
       - mountPath: /etc/hub-token
         name: hub-token
         readOnly: true
-      - mountPath: /etc/release-account
-        name: release-account
+      - mountPath: /etc/notary
+        name: apple-notary-creds
         readOnly: true
     nodeSelector:
       kubernetes.io/arch: amd64
       type: testing
+    serviceAccountName: release
     volumes:
     - name: hub-token
       secret:
         items:
         - key: hub_token
           path: token
         secretName: github-credentials
-    - name: release-account
+    - name: apple-notary-creds
       secret:
         items:
-        - key: release.json
-          path: service-account.json
-        secretName: prow-google-credentials
+        - key: notary-api-key
+          path: key.json
+        - key: signing-certificate
+          path: cert.p12
+        - key: signing-certificate-password
+          path: password
+        secretName: apple-notary-creds
 presubmits:
   knative-sandbox/kn-plugin-operator:
   - always_run: true

prow/jobs/generated/knative-sandbox/kn-plugin-quickstart-main.gen.yaml

@@ -124,11 +124,17 @@ periodics:
       - gcr.io/knative-releases
       - --github-token
       - /etc/hub-token/token
+      - --apple-codesign-key
+      - /etc/notary/cert.p12
+      - --apple-notary-api-key
+      - /etc/notary/key.json
+      - --apple-codesign-password-file
+      - /etc/notary/password
       env:
-      - name: GOOGLE_APPLICATION_CREDENTIALS
-        value: /etc/release-account/service-account.json
       - name: E2E_CLUSTER_REGION
         value: us-central1
+      - name: SIGN_IMAGES
+        value: "true"
       - name: ORG_NAME
         value: knative-sandbox
       image: gcr.io/knative-tests/test-infra/prow-tests:v20221005-aef947d7
@@ -140,25 +146,30 @@ periodics:
       - mountPath: /etc/hub-token
         name: hub-token
         readOnly: true
-      - mountPath: /etc/release-account
-        name: release-account
+      - mountPath: /etc/notary
+        name: apple-notary-creds
         readOnly: true
     nodeSelector:
       kubernetes.io/arch: amd64
       type: testing
+    serviceAccountName: release
     volumes:
     - name: hub-token
       secret:
         items:
         - key: hub_token
           path: token
         secretName: github-credentials
-    - name: release-account
+    - name: apple-notary-creds
       secret:
         items:
-        - key: release.json
-          path: service-account.json
-        secretName: prow-google-credentials
+        - key: notary-api-key
+          path: key.json
+        - key: signing-certificate
+          path: cert.p12
+        - key: signing-certificate-password
+          path: password
+        secretName: apple-notary-creds
 presubmits:
   knative-sandbox/kn-plugin-quickstart:
   - always_run: true