fix: release ci

Signed-off-by: Moritz Johner <[email protected]>
moolen · Sep 30, 2022 · 531a3b1 · 531a3b1
1 parent 14c7dd6
commit 531a3b1
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 18 deletions.
diff --git a/.github/actions/sign/action.yml b/.github/actions/sign/action.yml
@@ -56,10 +56,14 @@ runs:
 
     - name: Sign image
       shell: bash
+      env:
+        COSIGN_EXPERIMENTAL: "1"
       run: cosign sign -a GITHUB_ACTOR=${{ github.triggering_actor }} "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}"
 
     - name: Attach SBOM to image
       shell: bash
+      env:
+        COSIGN_EXPERIMENTAL: "1"
       run: |
         syft "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}" -o spdx-json=sbom-spdx.json
         cosign attest --predicate sbom-spdx.json --type spdx "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}"
@@ -72,11 +76,12 @@ runs:
         subcommand: container
         arguments: --repository "${{ inputs.image-name }}" --output-path provenance.att --digest "${{ steps.container_info.outputs.digest }}" --tags "${{ inputs.image-tag }}"
       env:
-        COSIGN_EXPERIMENTAL: "0"
         GITHUB_TOKEN: "${{ inputs.GITHUB_TOKEN }}"
 
     - name: Attach provenance
       shell: bash
+      env:
+        COSIGN_EXPERIMENTAL: "1"
       run: |
         jq '.predicate' provenance.att > provenance-predicate.att
         cosign attest --predicate provenance-predicate.att --type slsaprovenance "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}"

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,7 +10,6 @@ on:
 
 env:
   IMAGE_NAME: ghcr.io/moolen/logistis
-  COSIGN_EXPERIMENTAL: "1"
 
 jobs:
   docker:
@@ -69,15 +68,3 @@ jobs:
         image-name: ${{ env.IMAGE_NAME }}
         image-tag: ${{ needs.docker.outputs.image-tag }}
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  release:
-    if: startsWith(github.ref, 'refs/tags/')
-    needs: docker
-    runs-on: ubuntu-latest
-    steps:
-      - name: Create Release
-        uses: softprops/action-gh-release@v1
-        with:
-          body: |
-            ## Container Image
-            ${{ env.IMAGE_REPO }}:${{ steps.version.outputs.version }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,7 +7,6 @@ on:
 
 env:
   IMAGE_REPO: ghcr.io/moolen/logistis
-  COSIGN_EXPERIMENTAL: "1"
 
 jobs:
   release:
@@ -26,6 +25,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
+      contents: write
       id-token: write
     strategy:
       matrix:

diff --git a/README.md b/README.md
@@ -17,10 +17,9 @@ It allows you to:
 - [x] `kubectl blame` plugin to inspect changes
   - [x] overview on a cluster-global level: latest changes by namespace
   - [x] latest changes per-namespace
-* add `/lock` API to lock down namespaces or resources from particular users
-* distributed event storage 🤷
 - [x] make event limit configurable (currently max 100 events per resource)
-- add predicate functions to decide whether or not to capture a event
+- [x] add predicate functions to decide whether or not to capture a event
+- [ ] distributed event storage 🤷
 
 ### Quickstart