-
Notifications
You must be signed in to change notification settings - Fork 503
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add krel sign blobs and images commands #2742
Conversation
Skipping CI for Draft Pull Request. |
opening as draft to collect early feedback |
/test all |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great start!
/test all |
I think the idea is to use it as part of the pipeline for the release, maybe @puerco can comment as well, but this was my understanding Also, I am having trouble using the lib to use in keyless mode, there is anything we need to do? or does that only work if we set up a GCP service account? also:
|
So I assume it has to be run manually in the same way we do it with
Hm, yeah this could be tested via cloudbuild.yaml.
Assuming that we run it side by side to krel stage/release, then we have to create a new cloudbuild job in https://github.com/kubernetes/release/tree/master/gcb
That's tricky, but we can iterate on it. Krel decides based on the flags if it should submit a cloudbuild job or run the actual logic: Lines 136 to 143 in ae9fe36
|
No I think we don't need to have it triggered by a release manager, I agree with @cpanato that we should add it as part of the existing pipeline:
My thinking is that we should sign everything in a step inside the release GCB job. Specifically, I think we should insert it here: https://github.com/kubernetes/release/blob/master/gcb/release/cloudbuild.yaml#L44 |
Sounds good, let's do it that way to keep things simple. |
@cpanato do you have any update on this change? |
21602cd
to
fa0945d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job, @cpanato!!
/lgtm
/approve
/hold
if @saschagrunert wants to take a look, otherwise unhold
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just two nits, otherwise LGTM
Signed-off-by: cpanato <ctadeu@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/unhold
Thank you @cpanato!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cpanato, saschagrunert, xmudrii The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@cpanato do we wanna give this a test run ahead of the next RC? |
yes, can you kick a mock one? also, i will implement the sign images as a follow up |
@cpanato sure Stage
Release
Got some errors, fixing them in: |
What type of PR is this?
/kind feature
What this PR does / why we need it:
/assign @saschagrunert @puerco @xmudrii @jeremyrickard
Which issue(s) this PR fixes:
Fixes #2618
Special notes for your reviewer:
Does this PR introduce a user-facing change?