From 185d9a0b61b341236d6173f248d638aec96b2efd Mon Sep 17 00:00:00 2001 From: Shelley-BaoYue Date: Thu, 30 Nov 2023 11:45:08 +0800 Subject: [PATCH] test bump slsaframework version Signed-off-by: Shelley-BaoYue --- .github/workflows/release.yml | 90 ++--------------------------------- 1 file changed, 4 insertions(+), 86 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1ba1495b9c3..7131592cece 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,99 +6,17 @@ on: env: CONTAINER_RUN_OPTIONS: " " - IMAGE_REPOSITORY: kubeedge + IMAGE_REPOSITORY: shelleyby jobs: - release-assests: - name: release kubeedge components - runs-on: ubuntu-22.04 - strategy: - matrix: - target: [kubeedge, edgesite, keadm] - os: [linux] - ARM_VERSION: [GOARM7, GOARM8, ""] - outputs: - hash-kubeedge-amd64: ${{ steps.hash.outputs.hash-kubeedge-amd64 }} - hash-kubeedge-arm64: ${{ steps.hash.outputs.hash-kubeedge-arm64 }} - hash-kubeedge-arm: ${{ steps.hash.outputs.hash-kubeedge-arm }} - hash-keadm-amd64: ${{ steps.hash.outputs.hash-keadm-amd64 }} - hash-keadm-arm64: ${{ steps.hash.outputs.hash-keadm-arm64 }} - hash-keadm-arm: ${{ steps.hash.outputs.hash-keadm-arm }} - hash-edgesite-amd64: ${{ steps.hash.outputs.hash-edgesite-amd64 }} - hash-edgesite-arm64: ${{ steps.hash.outputs.hash-edgesite-arm64 }} - hash-edgesite-arm: ${{ steps.hash.outputs.hash-edgesite-arm }} - steps: - - name: checkout code - uses: actions/checkout@v3 - with: - # fetch-depth: - # 0 indicates all history for all branches and tags. - # for `git describe --tags` in Makefile. - fetch-depth: 0 - - name: Making and packaging - run: | - docker pull kubeedge/build-tools:1.17.13-ke1 - make release WHAT=${{ matrix.target }} ARM_VERSION=${{ matrix.ARM_VERSION }} - - name: Generate arch - run: | - if [ "${{ matrix.ARM_VERSION }}" = "GOARM7" ]; then echo "output_arch=arm" >> $GITHUB_ENV; elif [ ${{ matrix.ARM_VERSION }} = "GOARM8" ]; then echo "output_arch=arm64" >> $GITHUB_ENV; else echo "output_arch=amd64" >> $GITHUB_ENV; fi - - name: Generate hashes - shell: bash - id: hash - run: | - cp _output/release/${{ github.ref_name }}/${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz . - echo "hash-${{ matrix.target }}-${{ env.output_arch }}=$( \ - sha256sum ${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch}}.tar.gz | base64 -w0 \ - )" >> "$GITHUB_OUTPUT" - - name: Uploading assets... - if: ${{ !env.ACT }} - uses: softprops/action-gh-release@v1 - with: - files: | - _output/release/${{ github.ref_name }}/${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz - _output/release/${{ github.ref_name }}/checksum_${{ matrix.target }}-${{ github.ref_name }}-${{ matrix.os }}-${{ env.output_arch }}.tar.gz.txt - - combine_hashes: - needs: [release-assests] - runs-on: ubuntu-22.04 - outputs: - hashes: ${{ steps.hashes.outputs.hashes }} - env: - HASHES: ${{ toJSON(needs.release-assests.outputs) }} - steps: - - id: hashes - run: | - echo "$HASHES" | jq -r '.[] | @base64d' | sed "/^$/d" > hashes.txt - echo "hashes=$(cat hashes.txt | base64 -w0)" >> "$GITHUB_OUTPUT" - - # This step calls the generic workflow to generate provenance. - provenance: - needs: [combine_hashes] - permissions: - actions: read - id-token: write - contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.2.2 - with: - base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}" - # Upload provenance to a new release - upload-assets: true publish-image-to-dockerhub: name: publish to DockerHub strategy: matrix: - target: [cloudcore, admission, edgesite-agent, edgesite-server, csidriver, iptables-manager, edgemark, installation-package, controller-manager] + target: [cloudcore] outputs: hash-digest-cloudcore: ${{ steps.hash.outputs.hash-digest-cloudcore }} - hash-digest-admission: ${{ steps.hash.outputs.hash-digest-admission }} - hash-digest-edgesite-agent: ${{ steps.hash.outputs.hash-digest-edgesite-agent }} - hash-digest-edgesite-server: ${{ steps.hash.outputs.hash-digest-edgesite-server }} - hash-digest-csidriver: ${{ steps.hash.outputs.hash-digest-csidriver }} - hash-digest-iptables-manager: ${{ steps.hash.outputs.hash-digest-iptables-manager }} - hash-digest-edgemark: ${{ steps.hash.outputs.hash-digest-edgemark }} - hash-digest-installation-package: ${{ steps.hash.outputs.hash-digest-installation-package }} - hash-digest-controller-manager: ${{ steps.hash.outputs.hash-digest-controller-manager }} runs-on: ubuntu-22.04 steps: - name: checkout code @@ -141,13 +59,13 @@ jobs: needs: [publish-image-to-dockerhub] strategy: matrix: - target: [cloudcore, admission, edgesite-agent, edgesite-server, csidriver, iptables-manager, edgemark, installation-package, controller-manager] + target: [cloudcore] permissions: actions: read # for detecting the Github Actions environment. id-token: write # for creating OIDC tokens for signing. packages: write # for uploading attestations. if: startsWith(github.ref, 'refs/tags/') - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.4.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 with: image: kubeedge/${{ matrix.target }} registry-username: ${{ vars.DOCKERHUB_USER_NAME }}