Skip to content

Commit

Permalink
Use downloaded cosign binary in release workflow
Browse files Browse the repository at this point in the history
This simplifies its usage, as Docker is not required. Also fixes the
CURDIR issue:

    /runner/_work/_temp/942db570-3c25-43c3-8cce-9dbabc9f9633.sh: line 2: CURDIR: command not found
    docker: invalid spec: :/k0s: empty section between colons.
    See 'docker run --help'.

Fixes: 51a9263 ("Signing k0s binaries with cosign")
Signed-off-by: Tom Wieczorek <[email protected]>
  • Loading branch information
twz123 committed Jan 24, 2024
1 parent fe624d7 commit 192d291
Showing 1 changed file with 12 additions and 32 deletions.
44 changes: 12 additions & 32 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -87,14 +87,9 @@ jobs:
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: |
echo $COSIGN_KEY | base64 -d > cosign.key
docker run --rm \
-v "$(CURDIR):/k0s" \
gcr.io/projectsigstore/cosign:v2.2.0 \
sign-blob \
--key /k0s/cosign.key \
--tlog-upload=false \
/k0s/k0s --output-file /k0s/k0s.sig
curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-amd64
chmod +x ./cosign
./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false k0s | tee k0s.sig
- name: Upload Release Assets - Binary
uses: shogo82148/[email protected]
Expand Down Expand Up @@ -167,14 +162,9 @@ jobs:
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: |
echo $COSIGN_KEY | base64 -d > cosign.key
docker run --rm \
-v "$(CURDIR):/k0s" \
gcr.io/projectsigstore/cosign:v2.2.0 \
sign-blob \
--key /k0s/cosign.key \
--tlog-upload=false \
/k0s/k0s.exe --output-file /k0s/k0s.exe.sig
curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-amd64
chmod +x ./cosign
./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false k0s.exe | tee k0s.exe.sig
- name: Clean Docker
run: |
Expand Down Expand Up @@ -239,14 +229,9 @@ jobs:
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: |
echo $COSIGN_KEY | base64 -d > cosign.key
docker run --rm \
-v "$(CURDIR):/k0s" \
gcr.io/projectsigstore/cosign:v2.2.0 \
sign-blob \
--key /k0s/cosign.key \
--tlog-upload=false \
/k0s/k0s --output-file /k0s/k0s.sig
curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-arm64
chmod +x ./cosign
./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false k0s | tee k0s.sig
- name: Set up Go for smoke tests
uses: actions/setup-go@v3
Expand Down Expand Up @@ -344,14 +329,9 @@ jobs:
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: |
echo $COSIGN_KEY | base64 -d > cosign.key
docker run --rm \
-v "$(CURDIR):/k0s" \
gcr.io/projectsigstore/cosign:v2.2.0 \
sign-blob \
--key /k0s/cosign.key \
--tlog-upload=false \
/k0s/k0s --output-file /k0s/k0s.sig
curl -sSLo cosign https://github.com/sigstore/cosign/releases/download/v2.2.0/cosign-linux-arm
chmod +x ./cosign
./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=false k0s | tee k0s.sig
- name: Set up Go for smoke tests
uses: actions/setup-go@v3
Expand Down

0 comments on commit 192d291

Please sign in to comment.