From ddad4b29b2224d633810d4208f263dc48a42afd4 Mon Sep 17 00:00:00 2001 From: Javan lacerda Date: Fri, 20 Sep 2024 18:00:15 +0000 Subject: [PATCH 1/5] adding breaking change label to container Signed-off-by: Javan lacerda --- .github/workflows/container-build.yml | 18 +++++++++++++++++- Makefile | 2 +- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 5286824f4..2027bbcb0 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -59,5 +59,21 @@ jobs: - name: creds run: gcloud auth configure-docker --quiet + - name: Formatted labels + id: labels + run: | + FORMATED_LABELS="--image-label commit-hash=$GITHUB_SHA" + + BRANCH_NUMBER=$(gh pr list --state all --search "sha:$GITHUB_SHA" --label "breaking-change" | awk '{print $1}') + echo "Branch Number: $BRANCH_NUMBER" + + # Check if a pull request number was found + if [ -n "$BRANCH_NUMBER" ]; then + FORMATED_LABELS+=" --image-label breaking-change=true" + fi + echo "FORMATED_LABELS='$FORMATED_LABELS'" >> $GITHUB_OUTPUT + - name: container - run: KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio make sign-keyless-ci + run: | + echo "Formated Label: ${{ steps.labels.outputs.FORMATED_LABELS }}" + KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio FORMATED_LABEL=${{ steps.labels.outputs.FORMATED_LABELS }} make sign-keyless-ci diff --git a/Makefile b/Makefile index 1c95803fc..9024d2be9 100644 --- a/Makefile +++ b/Makefile @@ -122,7 +122,7 @@ $(PROTOC-API-LINTER): $(TOOLS_DIR)/go.mod ko: # fulcio LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \ - KO_DOCKER_REPO=$(KO_PREFIX)/fulcio ko resolve --bare \ + KO_DOCKER_REPO=$(KO_PREFIX)/fulcio ko resolve $(FORMATED_LABEL) --bare \ --platform=linux/amd64 --tags $(GIT_VERSION) --tags $(GIT_HASH) \ --image-refs fulcioImagerefs --filename config/ > $(FULCIO_YAML) From 6939ae7a8e6ab05104bf777cc2d23f3a1cedef1f Mon Sep 17 00:00:00 2001 
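Review bot: In the `Formatted labels` step a failed `gh pr list` call is indistinguishable from "no breaking-change PR found", because its exit status is hidden behind `| awk '{print $1}'` and the step does not enable `pipefail` (no `shell:` is set on the step; a workflow-level default, if any, is outside the hunk), so an API or auth error would silently publish the image without the `breaking-change=true` label. Letting gh do the extraction makes such a failure abort the step: `BRANCH_NUMBER=$(gh pr list --state all --search "sha:$GITHUB_SHA" --label "breaking-change" --json number --jq '.[].number')`. Separately, the `container` step splices `${{ steps.labels.outputs.FORMATED_LABELS }}` directly into the script text and relies on the single quotes embedded in the output value for word grouping; passing it through the step's `env:` (`FORMATED_LABEL: ${{ steps.labels.outputs.FORMATED_LABELS }}`) and writing the output without the embedded quotes (`echo "FORMATED_LABELS=$FORMATED_LABELS" >> "$GITHUB_OUTPUT"`) keeps the value as data rather than script. The same `run:` line is edited again in PATCH 3/5 and PATCH 4/5 with the interpolation unchanged.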
From: Javan lacerda Date: Tue, 8 Oct 2024 16:55:17 +0000 Subject: [PATCH 2/5] create variable for FORMATED_LABEL Signed-off-by: Javan lacerda --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 9024d2be9..3ec20f744 100644 --- a/Makefile +++ b/Makefile @@ -46,6 +46,9 @@ GHCR_PREFIX ?= ghcr.io/sigstore FULCIO_YAML ?= fulcio-$(GIT_TAG).yaml +# It should be blank for default builds +FORMATED_LABEL = + # Binaries PROTOC-GEN-GO := $(TOOLS_BIN_DIR)/protoc-gen-go PROTOC-GEN-GO-GRPC := $(TOOLS_BIN_DIR)/protoc-gen-go-grpc From 878bd571d31fda2e5fd4054f8a51b774abf43afc Mon Sep 17 00:00:00 2001 From: Javan lacerda Date: Tue, 8 Oct 2024 18:34:35 +0000 Subject: [PATCH 3/5] adding read permission for PRs and adding full tag Signed-off-by: Javan lacerda --- .github/workflows/container-build.yml | 3 ++- Makefile | 8 ++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 2027bbcb0..88d9d87a8 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -31,6 +31,7 @@ jobs: permissions: id-token: write contents: read + pull-requests: read steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -76,4 +77,4 @@ jobs: - name: container run: | echo "Formated Label: ${{ steps.labels.outputs.FORMATED_LABELS }}" - KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio FORMATED_LABEL=${{ steps.labels.outputs.FORMATED_LABELS }} make sign-keyless-ci + KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio FORMATED_LABEL=${{ steps.labels.outputs.FORMATED_LABELS }} RUN_NUMBER=${{ github.run_number }} make sign-keyless-ci diff --git a/Makefile b/Makefile index 3ec20f744..4ebd67950 100644 --- a/Makefile +++ b/Makefile 
@@ -47,7 +47,11 @@ GHCR_PREFIX ?= ghcr.io/sigstore FULCIO_YAML ?= fulcio-$(GIT_TAG).yaml # It should be blank for default builds -FORMATED_LABEL = +FORMATED_LABEL ?= + +RUN_NUMBER ?= "local" + +FULL_TAG := "0.$(shell date +%Y%m%d).$(RUN_NUMBER)+ref.$(GIT_HASH)" # Binaries PROTOC-GEN-GO := $(TOOLS_BIN_DIR)/protoc-gen-go @@ -126,7 +130,7 @@ ko: # fulcio LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \ KO_DOCKER_REPO=$(KO_PREFIX)/fulcio ko resolve $(FORMATED_LABEL) --bare \ - --platform=linux/amd64 --tags $(GIT_VERSION) --tags $(GIT_HASH) \ + --platform=linux/amd64 --tags $(GIT_VERSION) --tags $(GIT_HASH) --tags $(FULL_TAG) \ --image-refs fulcioImagerefs --filename config/ > $(FULCIO_YAML) .PHONY: ko-local From 1197ca95e38fe0ac28ed532a0f87a0666503fd4f Mon Sep 17 00:00:00 2001 From: Javan lacerda Date: Tue, 8 Oct 2024 18:58:20 +0000 Subject: [PATCH 4/5] fix full tag Signed-off-by: Javan lacerda --- .github/workflows/container-build.yml | 2 +- Makefile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 88d9d87a8..9e0aa83fd 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -77,4 +77,4 @@ jobs: - name: container run: | echo "Formated Label: ${{ steps.labels.outputs.FORMATED_LABELS }}" - KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio FORMATED_LABEL=${{ steps.labels.outputs.FORMATED_LABELS }} RUN_NUMBER=${{ github.run_number }} make sign-keyless-ci + KO_PREFIX=gcr.io/projectsigstore/fulcio/ci/fulcio FORMATED_LABEL=${{ steps.labels.outputs.FORMATED_LABELS }} make sign-keyless-ci diff --git a/Makefile b/Makefile index 4ebd67950..6c5797dc4 100644 --- a/Makefile +++ b/Makefile 
@@ -49,9 +49,9 @@ FULCIO_YAML ?= fulcio-$(GIT_TAG).yaml # It should be blank for default builds FORMATED_LABEL ?= -RUN_NUMBER ?= "local" +GITHUB_RUN_NUMBER ?= "local" -FULL_TAG := "0.$(shell date +%Y%m%d).$(RUN_NUMBER)+ref.$(GIT_HASH)" +FULL_TAG := "0.$(shell date +%Y%m%d).$(GITHUB_RUN_NUMBER)-ref.$(GIT_VERSION)" # Binaries PROTOC-GEN-GO := $(TOOLS_BIN_DIR)/protoc-gen-go From 358a756412995538078abf8a58ec68e3e1c11950 Mon Sep 17 00:00:00 2001 From: Javan lacerda Date: Fri, 11 Oct 2024 13:54:51 +0000 Subject: [PATCH 5/5] adding github token for github cli usage Signed-off-by: Javan lacerda --- .github/workflows/container-build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index 9e0aa83fd..91b415f40 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -62,6 +62,8 @@ jobs: - name: Formatted labels id: labels + env: + GH_TOKEN: ${{ github.token }} run: | FORMATED_LABELS="--image-label commit-hash=$GITHUB_SHA"
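Review bot: The double quotes in `GITHUB_RUN_NUMBER ?= "local"` and around the `FULL_TAG` value are not stripped by make, so they become part of the variables; `--tags $(FULL_TAG)` (added to the `ko` recipe in PATCH 3/5) only yields a clean tag because the shell happens to re-join the adjacent quoted segments. Dropping the quotes from the definitions and quoting once at the point of use is less fragile: `GITHUB_RUN_NUMBER ?= local`, `FULL_TAG := 0.$(shell date -u +%Y%m%d).$(GITHUB_RUN_NUMBER)-ref.$(GIT_VERSION)` and `--tags "$(FULL_TAG)"`. The `-u` pins the date component to UTC, so the published tag does not depend on the build host's timezone.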