From d4e9b92f2ad07e02df0ca1c6609462c4ba26d7ea Mon Sep 17 00:00:00 2001
From: Sertac Ozercan
Date: Wed, 13 Nov 2024 22:01:16 +0000
Subject: [PATCH] minor update
Signed-off-by: Sertac Ozercan
---
.github/workflows/pre-release.yaml | 22 +++++++++++++---------
.github/workflows/release.yaml | 20 +++++++++++---------
Makefile | 1 -
3 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml
index d1fc9d6aaac..af2f1a31eaf 100644
--- a/.github/workflows/pre-release.yaml
+++ b/.github/workflows/pre-release.yaml
@@ -4,9 +4,7 @@ on: branches: - master -permissions: - contents: read - packages: write +permissions: read-all env: IMAGE_REPO: openpolicyagent/gatekeeper
@@ -19,6 +17,9 @@ jobs: runs-on: "ubuntu-22.04" if: github.ref == 'refs/heads/master' && github.event_name == 'push' && github.repository == 'open-policy-agent/gatekeeper' timeout-minutes: 30 + permissions: + contents: read + packages: write steps: - name: Harden Runner uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@@ -47,11 +48,12 @@ jobs: exists=$(echo $version_list | jq --arg t ${GITHUB_SHA::7} '.tags | index($t)') if [[ $exists == null ]] then - make PUSH_TO_GHCR=true docker-buildx-dev \ + make docker-buildx-dev \ DEV_TAG=${GITHUB_SHA::7} \ PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \ OUTPUT_TYPE=type=registry \ - GENERATE_ATTESTATIONS=true + GENERATE_ATTESTATIONS=true \ + PUSH_TO_GHCR=true fi listUri="https://registry-1.docker.io/v2/${{ env.CRD_IMAGE_REPO }}/tags/list"
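Review bot: The new workflow-level default `permissions: read-all` gives any job without its own `permissions:` block read access to every token scope, where the old default exposed only `contents` and `packages`. The job in the next hunk now declares `contents: read` and `packages: write` itself, so the default only matters for jobs that do not; whether any exist is not visible here. A tighter default would be `permissions: {}` or a block with only `contents: read`, leaving each job to opt in to what it needs. The same applies to the top-level change in `.github/workflows/release.yaml`.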
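Review bot: The added job-level `permissions:` block does not say why `packages: write` is needed, which makes later tightening guesswork. The build step further down passes `PUSH_TO_GHCR=true` to make, so presumably the scope is there for the ghcr.io push; a trailing comment such as `packages: write # push dev images to ghcr.io` would record that. The job body continues outside this hunk.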
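Review bot: The `if [[ $exists == null ]]` guard around this `make` call checks only the Docker Hub tag list (`registry-1.docker.io`), while the call also pushes to GHCR through `PUSH_TO_GHCR=true`. If the Docker Hub tag already exists but the ghcr.io push did not complete, for example on a re-run after a partial failure, the GHCR image is skipped and the step still succeeds. Consider checking the ghcr.io tag as well, or at least adding `# NOTE: existence is checked on Docker Hub only; GHCR is assumed to be in sync` above the guard. The same pattern appears in the crds-dev and gator-dev hunks and in the three build hunks of `release.yaml`. Moving `PUSH_TO_GHCR=true` to the end of the command line does not change what make receives.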
@@ -59,11 +61,12 @@ jobs: exists=$(echo $version_list | jq --arg t ${GITHUB_SHA::7} '.tags | index($t)') if [[ $exists == null ]] then - make PUSH_TO_GHCR=true docker-buildx-crds-dev \ + make docker-buildx-crds-dev \ DEV_TAG=${GITHUB_SHA::7} \ PLATFORM="linux/amd64,linux/arm64" \ OUTPUT_TYPE=type=registry \ - GENERATE_ATTESTATIONS=true + GENERATE_ATTESTATIONS=true \ + PUSH_TO_GHCR=true fi listUri="https://registry-1.docker.io/v2/${{ env.GATOR_IMAGE_REPO }}/tags/list"
@@ -71,11 +74,12 @@ jobs: exists=$(echo $version_list | jq --arg t ${GITHUB_SHA::7} '.tags | index($t)') if [[ $exists == null ]] then - make PUSH_TO_GHCR=true docker-buildx-gator-dev \ + make docker-buildx-gator-dev \ DEV_TAG=${GITHUB_SHA::7} \ PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \ OUTPUT_TYPE=type=registry \ - GENERATE_ATTESTATIONS=true + GENERATE_ATTESTATIONS=true \ + PUSH_TO_GHCR=true fi env: DOCKER_USER: ${{ secrets.DOCKER_USER }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 9c182bea0a2..da99074fd39 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -9,9 +9,7 @@ env: CRD_IMAGE_REPO: openpolicyagent/gatekeeper-crds GATOR_IMAGE_REPO: openpolicyagent/gator -permissions: - contents: read - packages: write +permissions: read-all jobs: tagged-release:
@@ -19,6 +17,7 @@ jobs: runs-on: "ubuntu-22.04" permissions: contents: write + packages: write if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'open-policy-agent/gatekeeper' timeout-minutes: 45 steps:
@@ -65,11 +64,12 @@ jobs: exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)') if [[ $exists == null ]] then - make PUSH_TO_GHCR=true docker-buildx-release \ + make docker-buildx-release \ VERSION=${TAG} \ PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \ OUTPUT_TYPE=type=registry \ - GENERATE_ATTESTATIONS=true + GENERATE_ATTESTATIONS=true \ + PUSH_TO_GHCR=true fi listUri="https://registry-1.docker.io/v2/${{ env.CRD_IMAGE_REPO }}/tags/list"
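Review bot: With `packages: write` added next to `contents: write`, every step of `tagged-release` runs with a token that can both modify the repository and publish packages, for up to the 45-minute timeout. A job-level `permissions:` block replaces the workflow default rather than merging with it, so the addition is what the GHCR push needs, but the image build does not obviously need `contents: write`. If the release-creation steps can be separated, a dedicated publish job with `contents: read` and `packages: write` would keep the two write scopes apart. The steps themselves are outside this hunk, so this depends on how they are ordered.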
@@ -77,11 +77,12 @@ jobs: exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)') if [[ $exists == null ]] then - make PUSH_TO_GHCR=true docker-buildx-crds-release \ + make docker-buildx-crds-release \ VERSION=${TAG} \ PLATFORM="linux/amd64,linux/arm64" \ OUTPUT_TYPE=type=registry \ - GENERATE_ATTESTATIONS=true + GENERATE_ATTESTATIONS=true \ + PUSH_TO_GHCR=true fi listUri="https://registry-1.docker.io/v2/${{ env.GATOR_IMAGE_REPO }}/tags/list"
@@ -89,11 +90,12 @@ jobs: exists=$(echo $version_list | jq --arg t ${TAG} '.tags | index($t)') if [[ $exists == null ]] then - make PUSH_TO_GHCR=true docker-buildx-gator-release \ + make docker-buildx-gator-release \ VERSION=${TAG} \ PLATFORM="linux/amd64,linux/arm64,linux/arm/v7" \ OUTPUT_TYPE=type=registry \ - GENERATE_ATTESTATIONS=true + GENERATE_ATTESTATIONS=true \ + PUSH_TO_GHCR=true fi env: DOCKER_USER: ${{ secrets.DOCKER_USER }}
diff --git a/Makefile b/Makefile
index d40830631d4..0862520dcef 100644
--- a/Makefile
+++ b/Makefile
@@ -408,7 +408,6 @@ docker-buildx-crds: build-crds docker-buildx-builder --platform="$(PLATFORM)" \ --output=$(OUTPUT_TYPE) \ -t $(CRD_IMG) \ - $(if $(filter true,$(PUSH_TO_GHCR)),-t ghcr.io/$(CRD_IMG)) \ -f crd.Dockerfile .staging/crds/ docker-buildx-dev: docker-buildx-builder