Workflow updates #1378

Merged
merged 4 commits into from
Sep 11, 2024

Commits on Sep 10, 2024

  1. dependabot: Remove golang ecosystem

    There is no Go code anymore
    
    Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
    jku committed Sep 10, 2024
    1cebe69
  2. workflows: Add client test for older cosign

    Test an older cosign version we want to support (we don't have the
    maintainer resources for a full matrix of all versions of all clients,
    but cosign is the most used client by far so let's test that)
    
    This has been tested in root-signing-staging.
    
    Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
    jku committed Sep 10, 2024
    3211b37
  3. workflows: Prevent signing-event from running in forks

    signing-event can result in strange PR comments getting generated if the
    workflow runs in a signer's fork. Prevent this.
    
    This has been tested in root-signing-staging.
    
    Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
    jku committed Sep 10, 2024
    412ebb3
  4. workflows: Do not always require future validity in test

    test.yml and test-gcs.yml currently always fail if the repository is not
    valid for 3 days (or if root & targets are not valid in 30 days). This
    is reasonable for standalone tests but not when tests are run during
    publish: As an example publishing should succeed after online signing
    even if root is expiring in a few weeks.
    
    Do not require repository to be valid at a future date when tests are
    running as reusable workflow (in other words from publish.yml), only
    require it to be valid at current time.
    
    Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
    jku committed Sep 10, 2024
    316bbb4