Remove cosign stuff. It's not working and I can figure this out later.

James Pace 2023-04-20 18:13:01 -04:00
parent 667cf3b8ff
commit 069149c8b3
3 changed files with 25 additions and 20 deletions


@ -9,7 +9,6 @@ spec:
workspaces: workspaces:
- name: shared-data - name: shared-data
- name: git-credentials - name: git-credentials
- name: cosign-credentials
params: params:
- name: registry-login-secret-name - name: registry-login-secret-name
tasks: tasks:
@ -33,8 +32,6 @@ spec:
workspaces: workspaces:
- name: source - name: source
workspace: shared-data workspace: shared-data
- name: cosign-credentials
workspace: cosign-credentials
params: params:
- name: registry - name: registry
value: harbor.internal.jpace121.net value: harbor.internal.jpace121.net


@ -18,7 +18,6 @@ spec:
description: Name of the secret containing the credentials to push to the registry. description: Name of the secret containing the credentials to push to the registry.
workspaces: workspaces:
- name: source - name: source
- name: cosign-credentials
steps: steps:
- name: build - name: build
image: harbor.internal.jpace121.net/k8s/buildah:latest image: harbor.internal.jpace121.net/k8s/buildah:latest
@ -27,28 +26,14 @@ spec:
set -x set -x
# Login # Login
buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry) buildah login --tls-verify=false --username=$USERNAME --password=$PASSWORD $(params.registry)
mkdir ~/.sigstore
cp $(workspaces.cosign-credentials.path)/* ~/.sigstore
cat <<EOF > ~/.sigstore/param-file.yaml
privateKeyFile: "$HOME/.sigstore/cosign.key"
privateKeyPassphraseFile: "$HOME/.sigstore/cosign.password"
EOF
mkdir -p /etc/containers/registries.d/
cat <<EOF > /etc/containers/registries.d/james-registry.yaml
docker:
$(params.registry):
use-sigstore-attachments: true
EOF
# Build # Build
buildah --storage-driver=overlay bud --tls-verify=false --no-cache \ buildah --storage-driver=overlay bud --tls-verify=false --no-cache \
-f $(params.containerfile) -t $(params.name):$(params.version) . -f $(params.containerfile) -t $(params.name):$(params.version) .
# Push # Push
cat $HOME/.sigstore/param-file.yaml skopeo copy --debug --dest-tls-verify=false \
ls $HOME/.sigstore
skopeo copy --debug --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \
containers-storage:localhost/$(params.name):$(params.version) \ containers-storage:localhost/$(params.name):$(params.version) \
docker://$(params.registry)/$(params.name):$(params.version) docker://$(params.registry)/$(params.name):$(params.version)
skopeo copy --debug --dest-tls-verify=false --sign-by-sigstore=$HOME/.sigstore/param-file.yaml \ skopeo copy --debug --dest-tls-verify=false \
containers-storage:localhost/$(params.name):$(params.version) \ containers-storage:localhost/$(params.name):$(params.version) \
docker://$(params.registry)/$(params.name):latest docker://$(params.registry)/$(params.name):latest
env: env:
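Review bot: With `--sign-by-sigstore` dropped from both `skopeo copy` lines, the push is now unsigned while still using `--dest-tls-verify=false`, so nothing in this step authenticates either the registry endpoint or the pushed image. Since the commit message says signing will be revisited, I would record that above `# Push` with a comment such as `# TODO: re-enable sigstore signing; images are pushed unsigned until then`. I would also drop `--dest-tls-verify=false` (and `--tls-verify=false` on the buildah lines) once the build image trusts the registry's CA. Separately, `set -x` is active when `buildah login ... --password=$PASSWORD` runs, so the expanded password is presumably written to the step log; moving `set -x` below the login line would avoid that. The script body begins above this hunk, so anything before `set -x` is not visible here.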


@ -0,0 +1,23 @@
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: simple-ros-pipeline-
namespace: j7s-ci
spec:
pipelineRef:
name: simple-ros-pipeline
params:
- name: registry-login-secret-name
value: harbor-login
workspaces:
- name: shared-data
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: git-credentials
secret:
secretName: git-credentials
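Review bot: No `serviceAccountName` is set on this PipelineRun, so it will presumably run under the default service account of `j7s-ci` while binding the `git-credentials` secret and passing the `harbor-login` secret name. Adding `serviceAccountName: <ci-service-account>` (placeholder name) under `spec:` would make explicit which identity can read those secrets and lets it be scoped to this pipeline only. A short header comment noting that this run produces unsigned images would also help, since no cosign workspace is bound here.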