refactor release and add signing #483

cpanato · 2021-11-09T11:28:39Z

Summary

refactor the rekor release pipeline to be similar in what we have for cosign
also adding the same km key that we use to sign cosign to sign rekor as well

after this, we can release the 1.0.0

need to make sure that the bot have the permission to this repo and also need to create a gcp storage to hold the release artifacts similar we have for cosign

Ticket Link

Fixes

Release Note

refactor release and add signing

cpanato · 2021-11-09T11:32:42Z

rehearsal release can be found in my fork https://github.com/cpanato/rekor/releases/tag/v99.999.00-ko

rekor-cli amd64

$ docker run gcr.io/cpanato-general/rekor-cli:v99.999.00-ko version
Unable to find image 'gcr.io/cpanato-general/rekor-cli:v99.999.00-ko' locally
v99.999.00-ko: Pulling from cpanato-general/rekor-cli
e8614d09b7be: Already exists
c6f4d1a13b69: Already exists
601401253d0a: Already exists
250c06f7c38e: Already exists
449ec1fdde61: Pull complete
Digest: sha256:bc44b87bd6d4a1913eb4a1d7261078e4e3fb440ab29396fbb2c1eee99d070200
Status: Downloaded newer image for gcr.io/cpanato-general/rekor-cli:v99.999.00-ko
GitVersion:    v99.999.00-ko
GitCommit:     9483863371c04abd9357315909ea26be0f1e5d51
GitTreeState:  clean
BuildDate:     '2021-11-09T11:17:37Z'
GoVersion:     go1.17.3
Compiler:      gc
Platform:      linux/amd64

rekor-cli arm64

$ docker run --platform=linux/arm64 gcr.io/cpanato-general/rekor-cli:v99.999.00-ko version
Unable to find image 'gcr.io/cpanato-general/rekor-cli:v99.999.00-ko' locally
v99.999.00-ko: Pulling from cpanato-general/rekor-cli
859e03b7461b: Pull complete
1867b2187888: Pull complete
809df5b9132e: Pull complete
250c06f7c38e: Pull complete
54c51f63ac64: Pull complete
Digest: sha256:bc44b87bd6d4a1913eb4a1d7261078e4e3fb440ab29396fbb2c1eee99d070200
Status: Downloaded newer image for gcr.io/cpanato-general/rekor-cli:v99.999.00-ko
GitVersion:    v99.999.00-ko
GitCommit:     9483863371c04abd9357315909ea26be0f1e5d51
GitTreeState:  clean
BuildDate:     '2021-11-09T11:17:37Z'
GoVersion:     go1.17.3
Compiler:      gc
Platform:      linux/arm64

rekor-server amd64

$ docker run gcr.io/cpanato-general/rekor-server:v99.999.00-ko version
Unable to find image 'gcr.io/cpanato-general/rekor-server:v99.999.00-ko' locally
v99.999.00-ko: Pulling from cpanato-general/rekor-server
e8614d09b7be: Already exists
c6f4d1a13b69: Already exists
601401253d0a: Already exists
250c06f7c38e: Already exists
6c79654abb7a: Pull complete
Digest: sha256:a5386799d824445b8a7e89d6d6cfec8240bafe5509f2a9b04b9047c6eeb3dfbd
Status: Downloaded newer image for gcr.io/cpanato-general/rekor-server:v99.999.00-ko
GitVersion:    v99.999.00-ko
GitCommit:     9483863371c04abd9357315909ea26be0f1e5d51
GitTreeState:  clean
BuildDate:     '2021-11-09T11:17:37Z'
GoVersion:     go1.17.3
Compiler:      gc
Platform:      linux/amd64

rekor-server manifest

$ crane manifest gcr.io/cpanato-general/rekor-server:v99.999.00-ko | jq .
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
  "manifests": [
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 1079,
      "digest": "sha256:b430beb64dd97da896dc17470ae15c54ea0edb70211a083b5d9817865cd69e94",
      "platform": {
        "architecture": "amd64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 1079,
      "digest": "sha256:518f4e39a158192fd6638f26996905f19804c6c345c5125fa35dba542499024d",
      "platform": {
        "architecture": "arm",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 1079,
      "digest": "sha256:487df4981ece5e4d7d0e707a76c9b2cc7bec45ab02cc2d30ab81aafbbbde359d",
      "platform": {
        "architecture": "arm64",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 1079,
      "digest": "sha256:b935f19bc54276de15380e15861499bc25a004d48f6c8fe44ccb5c1526df7576",
      "platform": {
        "architecture": "ppc64le",
        "os": "linux"
      }
    },
    {
      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
      "size": 1079,
      "digest": "sha256:b08b81446ac9f0f9e2fd2936a79c57b2daa84d735d2a050a7b5155876cb84dcb",
      "platform": {
        "architecture": "s390x",
        "os": "linux"
      }
    }
  ]
}

darwin binary

$ ./Downloads/rekor-cli-darwin-amd64 version
GitVersion:    v99.999.00-ko
GitCommit:     9483863371c04abd9357315909ea26be0f1e5d51
GitTreeState:  clean
BuildDate:     '2021-11-09T11:17:37Z'
GoVersion:     go1.17.3
Compiler:      gc
Platform:      darwin/amd64

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

cpanato · 2021-11-10T09:22:17Z

@dlorenc we can make a release, just need to make sure the infra/setup pre-requisites

cpanato requested review from dlorenc, bobcallaway and lukehinds November 9, 2021 11:28

cpanato force-pushed the update-release branch 2 times, most recently from 0c3437f to 642a054 Compare November 9, 2021 11:38

refactor release and add signing

865667e

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

cpanato force-pushed the update-release branch from 642a054 to 865667e Compare November 9, 2021 11:47

dlorenc approved these changes Nov 10, 2021

View reviewed changes

dlorenc merged commit dfd9117 into sigstore:main Nov 10, 2021

cpanato deleted the update-release branch November 10, 2021 09:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor release and add signing #483

refactor release and add signing #483

cpanato commented Nov 9, 2021 •

edited

Loading

cpanato commented Nov 9, 2021

cpanato commented Nov 10, 2021

refactor release and add signing #483

refactor release and add signing #483

Conversation

cpanato commented Nov 9, 2021 • edited Loading

Summary

Ticket Link

Release Note

cpanato commented Nov 9, 2021

cpanato commented Nov 10, 2021

cpanato commented Nov 9, 2021 •

edited

Loading