lifecycle v0.17.4 #58

Workflow file for this run

.github/workflows/post-release.yml at e955b6a

	name: post-release

	on:
	release:
	types:
	- published # trigger for releases and pre-releases

	jobs:
	retag-lifecycle-images:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Set up go
	uses: actions/setup-go@v3
	with:
	check-latest: true
	go-version-file: 'go.mod'
	- name: Install crane
	run: \|
	go install github.com/google/go-containerregistry/cmd/crane@latest
	- name: Install cosign
	uses: sigstore/cosign-installer@main
	with:
	cosign-release: 'v1.2.0'
	- uses: azure/docker-login@v1
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: Set env
	run: \|
	echo "LIFECYCLE_VERSION=$(echo ${{ github.event.release.tag_name }} \| cut -d "v" -f2)" >> $GITHUB_ENV
	echo "LIFECYCLE_IMAGE_TAG=$(git describe --always --abbrev=7)" >> $GITHUB_ENV
	- name: Verify lifecycle images
	run: \|
	LINUX_AMD64_SHA=$(cosign verify -key cosign.pub buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-linux-x86-64 \| jq -r .[0].critical.image.\"docker-manifest-digest\")
	echo "LINUX_AMD64_SHA: $LINUX_AMD64_SHA"
	echo "LINUX_AMD64_SHA=$LINUX_AMD64_SHA" >> $GITHUB_ENV

	LINUX_ARM64_SHA=$(cosign verify -key cosign.pub buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-linux-arm64 \| jq -r .[0].critical.image.\"docker-manifest-digest\")
	echo "LINUX_ARM64_SHA: $LINUX_ARM64_SHA"
	echo "LINUX_ARM64_SHA=$LINUX_ARM64_SHA" >> $GITHUB_ENV

	WINDOWS_AMD64_SHA=$(cosign verify -key cosign.pub buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-windows \| jq -r .[0].critical.image.\"docker-manifest-digest\")
	echo "WINDOWS_AMD64_SHA: $WINDOWS_AMD64_SHA"
	echo "WINDOWS_AMD64_SHA=$WINDOWS_AMD64_SHA" >> $GITHUB_ENV
	- name: Download SBOM
	run: \|
	gh release download --pattern '*-bom.cdx.json' ${{ github.event.release.tag_name }}
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Retag lifecycle images & create manifest list - semver
	run: \|
	DOCKER_CLI_EXPERIMENTAL=enabled

	crane tag buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-linux-x86-64@${{ env.LINUX_AMD64_SHA }} ${{ env.LIFECYCLE_VERSION }}-linux-x86-64
	crane tag buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-linux-arm64@${{ env.LINUX_ARM64_SHA }} ${{ env.LIFECYCLE_VERSION }}-linux-arm64
	crane tag buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-windows@${{ env.WINDOWS_AMD64_SHA }} ${{ env.LIFECYCLE_VERSION }}-windows

	docker manifest create buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }} \
	buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}-linux-x86-64@${{ env.LINUX_AMD64_SHA }} \
	buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}-linux-arm64@${{ env.LINUX_ARM64_SHA }} \
	buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}-windows@${{ env.WINDOWS_AMD64_SHA }}

	MANIFEST_SHA=$(docker manifest push buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }})
	echo "MANIFEST_SHA: $MANIFEST_SHA"

	COSIGN_PASSWORD=${{ secrets.COSIGN_PASSWORD }} cosign sign -r \
	-key <(echo -n "${{ secrets.COSIGN_PRIVATE_KEY }}" \| base64 --decode) \
	-a tag=${{ env.LIFECYCLE_VERSION }} \
	buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}@${MANIFEST_SHA}
	cosign verify -key cosign.pub -a tag=${{ env.LIFECYCLE_VERSION }} buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}

	cosign attach sbom -sbom ./*-bom.cdx.json -type cyclonedx buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}
	COSIGN_PASSWORD=${{ secrets.COSIGN_PASSWORD }} cosign sign -r \
	-key <(echo -n "${{ secrets.COSIGN_PRIVATE_KEY }}" \| base64 --decode) \
	-a tag=${{ env.LIFECYCLE_VERSION }} -attachment sbom \
	buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}@${MANIFEST_SHA}
	cosign verify -key cosign.pub -a tag=${{ env.LIFECYCLE_VERSION }} -attachment sbom buildpacksio/lifecycle:${{ env.LIFECYCLE_VERSION }}@${MANIFEST_SHA}
	- name: Retag lifecycle images & create manifest list - latest
	if: "!contains(env.LIFECYCLE_VERSION, 'rc') && !contains(env.LIFECYCLE_VERSION, 'pre')"
	run: \|
	DOCKER_CLI_EXPERIMENTAL=enabled

	crane tag buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-linux-x86-64@${{ env.LINUX_AMD64_SHA }} latest-linux-x86-64
	crane tag buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-linux-arm64@${{ env.LINUX_ARM64_SHA }} latest-linux-arm64
	crane tag buildpacksio/lifecycle:${{ env.LIFECYCLE_IMAGE_TAG }}-windows@${{ env.WINDOWS_AMD64_SHA }} latest-windows

	docker manifest create buildpacksio/lifecycle:latest \
	buildpacksio/lifecycle:latest-linux-x86-64@${{ env.LINUX_AMD64_SHA }} \
	buildpacksio/lifecycle:latest-linux-arm64@${{ env.LINUX_ARM64_SHA }} \
	buildpacksio/lifecycle:latest-windows@${{ env.WINDOWS_AMD64_SHA }}

	MANIFEST_SHA=$(docker manifest push buildpacksio/lifecycle:latest)
	echo "MANIFEST_SHA: $MANIFEST_SHA"

	COSIGN_PASSWORD=${{ secrets.COSIGN_PASSWORD }} cosign sign -r \
	-key <(echo -n "${{ secrets.COSIGN_PRIVATE_KEY }}" \| base64 --decode) \
	-a tag=latest \
	buildpacksio/lifecycle:latest@${MANIFEST_SHA}
	cosign verify -key cosign.pub -a tag=latest buildpacksio/lifecycle:latest

	cosign attach sbom -sbom ./*-bom.cdx.json -type cyclonedx buildpacksio/lifecycle:latest
	COSIGN_PASSWORD=${{ secrets.COSIGN_PASSWORD }} cosign sign -r \
	-key <(echo -n "${{ secrets.COSIGN_PRIVATE_KEY }}" \| base64 --decode) \
	-a tag=${{ env.LIFECYCLE_VERSION }} -attachment sbom \
	buildpacksio/lifecycle:latest@${MANIFEST_SHA}
	cosign verify -key cosign.pub -a tag=${{ env.LIFECYCLE_VERSION }} -attachment sbom buildpacksio/lifecycle:latest@${MANIFEST_SHA}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lifecycle v0.17.4 #58

Workflow file

lifecycle v0.17.4 #58

Jobs

Run details

Workflow file for this run