fix build job

Signed-off-by: cpanato <ctadeu@gmail.com>
mattmoor · Jun 8, 2022 · 177cb56 · 177cb56
1 parent 7bcc533
commit 177cb56
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 34 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -14,13 +14,16 @@
 # limitations under the License.
 
 version: 2
+
 updates:
 - package-ecosystem: gomod
   directory: "/"
   schedule:
     interval: daily
   open-pull-requests-limit: 10
+
 - package-ecosystem: "github-actions"
   directory: "/"
   schedule:
-    interval: "daily"
+    interval: daily
+  open-pull-requests-limit: 10
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -45,8 +45,7 @@ jobs:
       # will use the latest release available for ko
       - uses: imjasonh/setup-ko@2c3450ca27f6e6f2b02e72a40f2163c281a1f675 # v0.4
 
-      - name: Install goimports
-        run: go get golang.org/x/tools/cmd/goimports
+      - uses: chainguard-dev/actions/goimports@84c993eaf02da1c325854fb272a4df9184bd80fc # main
 
       - name: Set up Cloud SDK
         uses: google-github-actions/auth@ceee102ec2387dd9e844e01b530ccd4ec87ce955 # v0.8.0
@@ -58,4 +57,6 @@ jobs:
         run: gcloud auth configure-docker --quiet
 
       - name: policy-controller
-        run: echo -n "${{secrets.COSIGN_PASSWORD}}" | KO_PREFIX=gcr.io/projectsigstore/cosign/ci make sign-policy-controller
+        env:
+          COSIGN_EXPERIMENTAL: true
+        run: KO_PREFIX=gcr.io/projectsigstore/policy-controller/ci make build-sign-containers
diff --git a/.github/workflows/cosign-test.key b/.github/workflows/cosign-test.key
diff --git a/.github/workflows/cosign-test.pub b/.github/workflows/cosign-test.pub
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -96,5 +96,5 @@ jobs:
         uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc # v3
         with:
           # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.46.0
+          version: v1.46.2
           args: --timeout=5m
diff --git a/.gitignore b/.gitignore
@@ -19,17 +19,14 @@
 /cosign*
 .vscode
 .idea
-/sget*
 
 # fuzzing artifacts
 *.libfuzzer
 *fuzz.a
 
 bin*
 dist/
-cosignImagerefs
 policyControllerImagerefs
-sgetImagerefs
 policyImagerefs
 
 **verify-experimental*
diff --git a/test/ci.mk b/test/ci.mk
@@ -2,15 +2,10 @@
 # signing ci
 ############
 
-.PHONY: sign-policy-controller
-sign-policy-controller:
-	cosign sign --key .github/workflows/cosign-test.key -a GIT_HASH=$(GIT_HASH) ${KO_PREFIX}/policy-controller:$(GIT_HASH)
+.PHONY: sign-policy-images
+sign-policy-images:
+	cosign sign -a GIT_HASH=$(GIT_HASH) ${KO_PREFIX}/policy-controller:$(GIT_HASH)
+	cosign sign -a GIT_HASH=$(GIT_HASH) ${KO_PREFIX}/policy-webhook:$(GIT_HASH)
 
-.PHONY: sign-keyless-policy-controller
-sign-keyless-policy-controller:
-	cosign sign -a sha=$(GIT_HASH) -a run_id=${GITHUB_RUN_ID} -a run_attempt=${GITHUB_RUN_ATTEMPT} ${KO_PREFIX}/policy-controller:$(GIT_HASH)
-	cosign sign -a sha=$(GIT_HASH) -a run_id=${GITHUB_RUN_ID} -a run_attempt=${GITHUB_RUN_ATTEMPT} ${KO_PREFIX}/policy-controller:$(GIT_VERSION)
-
-
-.PHONY: sign-keyless-container
-sign-keyless-container: ko sign-keyless-policy-controller
+.PHONY: build-sign-containers
+build-sign-containers: ko sign-policy-images