Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign release artefacts using cosign #302

Merged
merged 4 commits into from
Mar 14, 2022
Merged

Sign release artefacts using cosign #302

merged 4 commits into from
Mar 14, 2022

Conversation

cpanato
Copy link
Member

@cpanato cpanato commented Jan 29, 2022

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area build

What this PR does / why we need it:

Sign the release artefacts using cosign and also generate the SBOM using syft for now

the secret key is already set in circleci

/assign @leogr @Issif
cc @danpopnyc

Which issue(s) this PR fixes:

Fixes #300

Special notes for your reviewer:

@poiana poiana requested review from leodido and nibalizer January 29, 2022 11:04
@cpanato cpanato requested review from Issif and leogr and removed request for leodido and nibalizer January 30, 2022 13:38
leogr
leogr reviewed Feb 1, 2022
View reviewed changes
Copy link
Member

@leogr leogr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SGTM, but I can't try it.

@Issif @cpanato do we want to merge it directly and see what happens?

@cpanato
Copy link
Member Author

cpanato commented Feb 2, 2022

@leogr I've run in a sample repo the commands and that worked :)

let's try, what we can do is when we cut the release, I will be watching to check and if fail can act right away

@Issif

@Issif
Copy link
Member

Issif commented Feb 2, 2022

I think I will work on the new release this month, I would to manage source and tags in payload first, this is important because of plugins and talon, but this is a big work as we have many outputs

@Issif Issif added this to the 2.25.0 milestone Mar 2, 2022
@Issif
Copy link
Member

Issif commented Mar 10, 2022

@cpanato I created the PR for dealing with source and tags in the events, feel free to rebase this PR on it after

@leogr
Copy link
Member

leogr commented Mar 11, 2022

@cpanato I created the PR for dealing with source and tags in the events, feel free to rebase this PR on it after

There are no conflicts. I guess we can approve this PR. @Issif is that ok for you?

@cpanato
Copy link
Member Author

cpanato commented Mar 11, 2022

i can rebase just to make sure, one sec

cpanato added 4 commits March 11, 2022 14:56
@cpanato
sign the release
08dcab7 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@cpanato
bump versions of the support apps
293f48e 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@cpanato
add context secret
f41e550 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@cpanato
skip sign for snapshot for now
5cc68ea 
Signed-off-by: Carlos Panato <ctadeu@gmail.com>
@cpanato
Copy link
Member Author

cpanato commented Mar 11, 2022

@leogr @Issif rebased

Issif
Issif approved these changes Mar 14, 2022
View reviewed changes
Copy link
Member

@Issif Issif left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️

@poiana poiana added the lgtm label Mar 14, 2022
@poiana
Copy link

poiana commented Mar 14, 2022

LGTM label has been added.

Git tree hash: 6fb279971631c5d5763edabc1feb874be85e92ee

@poiana
Copy link

poiana commented Mar 14, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, Issif

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana merged commit 323fca8 into falcosecurity:master Mar 14, 2022
@cpanato cpanato deleted the release-sign branch March 14, 2022 13:34
@cpanato
Copy link
Member Author

cpanato commented Mar 14, 2022

@Issif when you cut let me know in case we need to tweak anything :)

@Issif
Copy link
Member

Issif commented Mar 14, 2022

@Issif when you cut let me know in case we need to tweak anything :)

I'll ask you to review the PR for the next release anyway 😉

@Issif Issif mentioned this pull request May 11, 2022
Merged
@leogr leogr mentioned this pull request Nov 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leogr leogr leogr left review comments

@Issif Issif Issif approved these changes

Assignees

@leogr leogr

@Issif Issif

Labels
approved area/build dco-signoff: yes kind/feature New feature or request lgtm size/L
Projects
Falcosidekick 2.x
Status: Done
Milestone
2.25.0
Development

Successfully merging this pull request may close these issues.

Sign release artifacts using cosign
4 participants
@cpanato @Issif @leogr @poiana