Bring in cosign sign and attest support and fix verify-enterprise-contract #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Jul 30, 2024
zregvart
approved these changes
Jul 31, 2024
mmorhun
reviewed
Jul 31, 2024
chmeliik
reviewed
Aug 1, 2024
resources/gather-deploy-images.sh
Outdated
| done | sort -u > "$IMAGES_FILE" | ||
|
|
||
| # For development purposes, allow injecting your own list of images | ||
| if [ -n "${MY_IMAGES_TO_VERIFY}" ]; then |
There was a problem hiding this comment.
won't the script fail if MY_IMAGES_TO_VERIFY is unset (because of set -u)
There was a problem hiding this comment.
Thanks, good catch.
Suggested change
| if [ -n "${MY_IMAGES_TO_VERIFY}" ]; then | |
| if [ -n "${MY_IMAGES_TO_VERIFY:-}" ]; then |
There was a problem hiding this comment.
Done in an upcoming revision.
There was a problem hiding this comment.
Actually maybe this could be removed entirely. It was useful when I was testing this in the tssc-jenkins repo, but perhaps it could be dropped for this repo.
There was a problem hiding this comment.
(Decided to remove it from the next revision.)
chmeliik
reviewed
Aug 1, 2024
|
Thanks very much for the reviews. I'll aim to push a new revision later today. |
simonbaird
added a commit
to simonbaird/build-definitions
that referenced
this pull request
Aug 2, 2024
Short explanation: Clean up the code a little by using a variable. Long explanation: This task gets converted to a bash script and wrapped by a Jenkins shared library in the brand new RHTAP Jenkins pipeline same templates. When testing the RHTAP Jenkins pipeline I found the default Jenkins user could not write to /tmp/, so I wanted to change the location of the file. This refactor makes that just a single line change, rather than having to change the path in three different places. See also redhat-appstudio/tssc-sample-jenkins#1 where this PR was suggested by @mmorhun, and also redhat-appstudio/tssc-dev-multi-ci#2 where the cosign, Enterprise Contract, and promote pipeline support was being added to the RHTAP Jenkins templates.
simonbaird
added a commit
to simonbaird/build-definitions
that referenced
this pull request
Aug 2, 2024
Short explanation: Clean up the code a little by using a variable. Long explanation: This task gets converted to a bash script and wrapped by a Jenkins shared library in the brand new RHTAP Jenkins pipeline sample templates. When testing the RHTAP Jenkins pipeline I found the default Jenkins user could not write to /tmp/, so I wanted to change the location of the file. This refactor makes that just a single line change, rather than having to change the path in three places. See also redhat-appstudio/tssc-sample-jenkins#1 where this PR was suggested by @mmorhun, and also redhat-appstudio/tssc-dev-multi-ci#2 where the cosign, Enterprise Contract, and promote pipeline support was being added to the RHTAP Jenkins templates.
github-merge-queue bot
pushed a commit
to konflux-ci/build-definitions
that referenced
this pull request
Aug 5, 2024
Short explanation: Clean up the code a little by using a variable. Long explanation: This task gets converted to a bash script and wrapped by a Jenkins shared library in the brand new RHTAP Jenkins pipeline sample templates. When testing the RHTAP Jenkins pipeline I found the default Jenkins user could not write to /tmp/, so I wanted to change the location of the file. This refactor makes that just a single line change, rather than having to change the path in three places. See also redhat-appstudio/tssc-sample-jenkins#1 where this PR was suggested by @mmorhun, and also redhat-appstudio/tssc-dev-multi-ci#2 where the cosign, Enterprise Contract, and promote pipeline support was being added to the RHTAP Jenkins templates.
These changes come from the following PR: redhat-appstudio/tssc-dev-multi-ci#2 See commit messages for more details on these changes. Initial diff generated with hack/copy-to-tssc-templates in that repo, but there were some manual tweaks done, including adding cosign_sign_attest to the rhtap.groovy file, and removing the some debugging code from rhtap/gather-deploy-images.sh related to the MY_IMAGES_TO_VERIFY var. Ref: https://issues.redhat.com/browse/EC-740
|
simonbaird
changed the title
jduimovich
pushed a commit
to jduimovich/build-definitions
that referenced
this pull request
Aug 6, 2024
Short explanation: Clean up the code a little by using a variable. Long explanation: This task gets converted to a bash script and wrapped by a Jenkins shared library in the brand new RHTAP Jenkins pipeline sample templates. When testing the RHTAP Jenkins pipeline I found the default Jenkins user could not write to /tmp/, so I wanted to change the location of the file. This refactor makes that just a single line change, rather than having to change the path in three places. See also redhat-appstudio/tssc-sample-jenkins#1 where this PR was suggested by @mmorhun, and also redhat-appstudio/tssc-dev-multi-ci#2 where the cosign, Enterprise Contract, and promote pipeline support was being added to the RHTAP Jenkins templates.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These changes come from the following PR:
redhat-appstudio/tssc-dev-multi-ci#2
See commit messages for more details on these changes.
Initial diff generated with hack/copy-to-tssc-templates in that repo, but I added cosign_sign_attest to the rhtap.grooy file by hand.
See also: redhat-appstudio/tssc-sample-templates#63
Ref: EC-740