Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the cosign version (a lot) #1839

Merged
merged 1 commit into from
Dec 17, 2021
Merged

Bump the cosign version (a lot) #1839

merged 1 commit into from
Dec 17, 2021

Conversation

mattmoor
Copy link
Collaborator

@mattmoor mattmoor commented Dec 16, 2021
edited by imjasonh
Loading

The cosign version being used was ancient. This catches us up to 1.4.1 (latest).

I was also eyeballing the very redundant jobs in release.yaml for a subsequent refactoring to make this a matrix job, so there are a couple of trivial cleanups related to this.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

  • Includes unit tests
  • Adds integration tests if needed.

See the contribution guide for more details.

Reviewer Notes

  • The code flow looks good.
  • Unit tests and or integration tests added.

Release Notes

Releases are now signed with cosign 1.4.1

@mattmoor
Copy link
Collaborator Author

cc @priyawadhwa @dlorenc

@mattmoor
Copy link
Collaborator Author

For my next change I'm going to change this to sign digests instead of tags 😬

@imjasonh
Copy link
Collaborator

AIUI cosign-installer pins a version of cosign that it installs by default to each cosign-installer release. If that's the case we can set up dependabot to send PRs on new versions to the installer action, which should give us new cosign releases.

We do this in go-containerregistry

@mattmoor
Copy link
Collaborator Author

The KinD tests were timing out running the builds at 2m, so I bumped the timeout 🤞

@mattmoor mattmoor mentioned this pull request Dec 16, 2021
Merged
4 tasks
@mattmoor
Copy link
Collaborator Author

I'm spinning up a new PR where I'm going to start debugging the e2e tests a bit

@mattmoor
Bump the cosign version (a lot)
5c880d1 
The cosign version being used was ancient.  This catches us up to 1.4.1 (latest).

I was also eyeballing the very redundant jobs in `release.yaml` for a subsequent refactoring to make this a matrix job, so there are a couple of trivial cleanups related to this.
@imjasonh imjasonh merged commit 2e8a139 into GoogleContainerTools:master Dec 17, 2021
@mattmoor mattmoor deleted the bump-cosign branch December 17, 2021 22:51
gcalmettes pushed a commit to gcalmettes/kaniko that referenced this pull request Dec 24, 2021
@mattmoor @gcalmettes-fbox
Bump the cosign version (a lot) (GoogleContainerTools#1839)
9378e45 
The cosign version being used was ancient.  This catches us up to 1.4.1 (latest).

I was also eyeballing the very redundant jobs in `release.yaml` for a subsequent refactoring to make this a matrix job, so there are a couple of trivial cleanups related to this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@imjasonh imjasonh imjasonh approved these changes

@dlorenc dlorenc dlorenc approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mattmoor @imjasonh @dlorenc