
Sign image
firelizzard18 committed Sep 23, 2023
1 parent 5bbfa7a commit c9da3d1
Showing 3 changed files with 14 additions and 56 deletions.
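--- a/.gitlab/all.gitlab-ci.yml
+++ b/.gitlab/all.gitlab-ci.yml
@@ -1,13 +1,3 @@
-.build validation image:
-extends: .rules all
-image: docker:20
-services: [ docker:20-dind ]
-needs: []
-script:
-- docker build --build-arg TAGS=production,testnet -t ${VALIDATION_IMAGE} .
-- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-- docker push ${VALIDATION_IMAGE}
-
 go build:
 extends: [ .rules all, .go ]
 needs:
@@ -82,21 +72,3 @@ lint:
 - go run github.com/rinchsan/gosimports/cmd/gosimports -l */ | tee fmt.log
 - test -s fmt.log && die "Code is incorrectly formatted. Please run \`gosimports -w .\` (or \`./scripts/imports.sh\`)."
 - echo -e "${SECTION}section_end:`date +%s`:imports\r${SECTION}"
-
-.cleanup images:
-# Once validation is done, delete the images
-# Disabled because it doesn't appear to work, though it was copied from GitLab's docs
-extends: .rules all
-image: docker:20
-services: [ docker:20-dind ]
-needs: [ validate docker ]
-variables:
-REG_SHA256: ade837fc5224acd8c34732bf54a94f579b47851cc6a7fd5899a98386b782e228
-REG_VERSION: 0.16.1
-before_script:
-- apk add --no-cache curl
-- curl --fail --show-error --location "https://github.com/genuinetools/reg/releases/download/v$REG_VERSION/reg-linux-amd64" --output /usr/local/bin/reg
-- echo "$REG_SHA256 /usr/local/bin/reg" | sha256sum -c -
-- chmod a+x /usr/local/bin/reg
-script:
-- /usr/local/bin/reg rm -d --auth-url $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD ${VALIDATION_IMAGE}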
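--- a/.gitlab/common.gitlab-ci.yml
+++ b/.gitlab/common.gitlab-ci.yml
@@ -6,7 +6,6 @@ variables:
 NO_COLOR: '\e[0m'
 SECTION: '\e[0K'
 PRODUCTION_IMAGE: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}
-VALIDATION_IMAGE: ${CI_REGISTRY_IMAGE}/validation:${CI_COMMIT_REF_SLUG}
 GO_CI_IMAGE: ${CI_REGISTRY_IMAGE}/ci-golang
 
 build-image:golang: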
41 changes: 14 additions & 27 deletions .gitlab/release.gitlab-ci.yml
@@ -1,6 +1,6 @@
.rules release:
rules:
- if: ($CI_COMMIT_BRANCH == 'release-1.0' || $CI_COMMIT_TAG != null) && $CI_PIPELINE_SOURCE != 'merge_request_event'
- if: (($CI_COMMIT_BRANCH == 'release-1.0' || $CI_COMMIT_TAG != null) && $CI_PIPELINE_SOURCE != 'merge_request_event') || $BUILD_BIN != null

git describe:
stage: test
@@ -9,44 +9,31 @@ git describe:
script:
- git fetch --unshallow
- echo "GIT_DESCRIBE=$(git describe --dirty)" >> git.env
- echo "GIT_COMMIT=$(git rev-parse HEAD)" >> git.env
artifacts:
reports:
dotenv: git.env

docker buildx:
stage: test
extends: .rules release
image: docker:20-git
needs: []
variables:
GIT_STRATEGY: none
artifacts:
paths:
- buildx
expire_in: 1 day
services: [ docker:20-dind ]
script:
- export DOCKER_BUILDKIT=1
- git clone https://github.com/docker/buildx ./docker-buildx
- docker build --platform=local -o . ./docker-buildx

build main image:
stage: test
extends: .rules release
needs: [ docker buildx ]
image: docker:20
needs: [git describe]
image: docker:24
timeout: 2 hours
services:
- name: docker:20-dind
command: [ --experimental ] # Do we need this?
- name: docker:24-dind
variables:
COSIGN_YES: "true"
id_tokens:
SIGSTORE_ID_TOKEN:
aud: sigstore
before_script:
- mkdir -p ~/.docker/cli-plugins
- mv buildx ~/.docker/cli-plugins/docker-buildx
- docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- apk add --update cosign make
script:
- docker buildx create --use
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- make docker-push IMAGE=${PRODUCTION_IMAGE}
- make docker-push IMAGE=$PRODUCTION_IMAGE GIT_DESCRIBE=$GIT_DESCRIBE GIT_COMMIT=$GIT_COMMIT
- IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $PRODUCTION_IMAGE)
- cosign sign $IMAGE_DIGEST

build binaries:
stage: test
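Review bot: In the first hunk the new `.rules release` condition puts `|| $BUILD_BIN != null` outside the parentheses, so the `merge_request_event` exclusion no longer applies whenever BUILD_BIN is set, and every job extending this rule runs — including `build main image`, which pushes `$PRODUCTION_IMAGE` and signs it with the job's `SIGSTORE_ID_TOKEN`. If BUILD_BIN is only meant to trigger the binary builds (likely from its name, but `build binaries` is collapsed on this page), give that job its own rule instead of widening the shared one, or keep the guard outermost: `- if: ($CI_COMMIT_BRANCH == 'release-1.0' || $CI_COMMIT_TAG != null || $BUILD_BIN != null) && $CI_PIPELINE_SOURCE != 'merge_request_event'`. As written, a signature from this project only proves the image came from some pipeline here, so verifiers would need to pin the certificate identity to the release ref. A short comment above the rule stating who is expected to set BUILD_BIN would also help.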
