Skip to content

Commit

Permalink
test bump slsaframework version
Browse files Browse the repository at this point in the history
Signed-off-by: Shelley-BaoYue <baoyue2@huawei.com>
  • Loading branch information
Shelley-BaoYue committed Nov 30, 2023
1 parent d2fae9f commit 185d9a0
Showing 1 changed file with 4 additions and 86 deletions.
90 changes: 4 additions & 86 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,99 +6,17 @@ on:

env:
CONTAINER_RUN_OPTIONS: " "
IMAGE_REPOSITORY: kubeedge
IMAGE_REPOSITORY: shelleyby

jobs:
release-assests:
name: release kubeedge components
runs-on: ubuntu-22.04
strategy:
matrix:
target: [kubeedge, edgesite, keadm]
os: [linux]
ARM_VERSION: [GOARM7, GOARM8, ""]
outputs:
hash-kubeedge-amd64: ${{ steps.hash.outputs.hash-kubeedge-amd64 }}
hash-kubeedge-arm64: ${{ steps.hash.outputs.hash-kubeedge-arm64 }}
hash-kubeedge-arm: ${{ steps.hash.outputs.hash-kubeedge-arm }}
hash-keadm-amd64: ${{ steps.hash.outputs.hash-keadm-amd64 }}
hash-keadm-arm64: ${{ steps.hash.outputs.hash-keadm-arm64 }}
hash-keadm-arm: ${{ steps.hash.outputs.hash-keadm-arm }}
hash-edgesite-amd64: ${{ steps.hash.outputs.hash-edgesite-amd64 }}
hash-edgesite-arm64: ${{ steps.hash.outputs.hash-edgesite-arm64 }}
hash-edgesite-arm: ${{ steps.hash.outputs.hash-edgesite-arm }}
steps:
- name: checkout code
uses: actions/checkout@v3
with:
# fetch-depth:
# 0 indicates all history for all branches and tags.
# for `git describe --tags` in Makefile.
fetch-depth: 0
- name: Making and packaging
run: |
docker pull kubeedge/build-tools:1.17.13-ke1
make release WHAT=${{ matrix.target }} ARM_VERSION=${{ matrix.ARM_VERSION }}
- name: Generate arch
run: |
if [ "${{ matrix.ARM_VERSION }}" = "GOARM7" ]; then echo "output_arch=arm" >> $GITHUB_ENV; elif [ ${{ matrix.ARM_VERSION }} = "GOARM8" ]; then echo "output_arch=arm64" >> $GITHUB_ENV; else echo "output_arch=amd64" >> $GITHUB_ENV; fi
- name: Generate hashes
shell: bash
id: hash
run: |
cp _output/release/${{ github.ref_name }}/${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz .
echo "hash-${{ matrix.target }}-${{ env.output_arch }}=$( \
sha256sum ${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch}}.tar.gz | base64 -w0 \
)" >> "$GITHUB_OUTPUT"
- name: Uploading assets...
if: ${{ !env.ACT }}
uses: softprops/action-gh-release@v1
with:
files: |
_output/release/${{ github.ref_name }}/${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz
_output/release/${{ github.ref_name }}/checksum_${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz.txt
combine_hashes:
needs: [release-assests]
runs-on: ubuntu-22.04
outputs:
hashes: ${{ steps.hashes.outputs.hashes }}
env:
HASHES: ${{ toJSON(needs.release-assests.outputs) }}
steps:
- id: hashes
run: |
echo "$HASHES" | jq -r '.[] | @base64d' | sed "/^$/d" > hashes.txt
echo "hashes=$(cat hashes.txt | base64 -w0)" >> "$GITHUB_OUTPUT"
# This step calls the generic workflow to generate provenance.
provenance:
needs: [combine_hashes]
permissions:
actions: read
id-token: write
contents: write
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.2
with:
base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}"
# Upload provenance to a new release
upload-assets: true

publish-image-to-dockerhub:
name: publish to DockerHub
strategy:
matrix:
target: [cloudcore, admission, edgesite-agent, edgesite-server, csidriver, iptables-manager, edgemark, installation-package, controller-manager]
target: [cloudcore]
outputs:
hash-digest-cloudcore: ${{ steps.hash.outputs.hash-digest-cloudcore }}
hash-digest-admission: ${{ steps.hash.outputs.hash-digest-admission }}
hash-digest-edgesite-agent: ${{ steps.hash.outputs.hash-digest-edgesite-agent }}
hash-digest-edgesite-server: ${{ steps.hash.outputs.hash-digest-edgesite-server }}
hash-digest-csidriver: ${{ steps.hash.outputs.hash-digest-csidriver }}
hash-digest-iptables-manager: ${{ steps.hash.outputs.hash-digest-iptables-manager }}
hash-digest-edgemark: ${{ steps.hash.outputs.hash-digest-edgemark }}
hash-digest-installation-package: ${{ steps.hash.outputs.hash-digest-installation-package }}
hash-digest-controller-manager: ${{ steps.hash.outputs.hash-digest-controller-manager }}
runs-on: ubuntu-22.04
steps:
- name: checkout code
Expand Down Expand Up @@ -141,13 +59,13 @@ jobs:
needs: [publish-image-to-dockerhub]
strategy:
matrix:
target: [cloudcore, admission, edgesite-agent, edgesite-server, csidriver, iptables-manager, edgemark, installation-package, controller-manager]
target: [cloudcore]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
if: startsWith(github.ref, 'refs/tags/')
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.4.0
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
with:
image: kubeedge/${{ matrix.target }}
registry-username: ${{ vars.DOCKERHUB_USER_NAME }}
Expand Down

0 comments on commit 185d9a0

Please sign in to comment.