Skip to content

Add signatureFormat in the conversion so that alpha1 and beta1 can be… #16

Add signatureFormat in the conversion so that alpha1 and beta1 can be…

Add signatureFormat in the conversion so that alpha1 and beta1 can be… #16

Workflow file for this run

name: Release
on:
push:
tags:
- "v*"
jobs:
release:
runs-on: ubuntu-latest
permissions:
attestations: write
contents: write
id-token: write
packages: write
env:
KO_DOCKER_REPO: ghcr.io/github/policy-controller-webhook
KOCACHE: /tmp/ko
steps:
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
ref: "release"
fetch-tags: true
- uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version-file: "./go.mod"
check-latest: true
- uses: ko-build/setup-ko@ace48d793556083a76f1e3e6068850c1f4a369aa # v0.6
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and publish webhook to GHCR
id: build
run: |
export GIT_HASH=`git rev-parse HEAD`
export GIT_VERSION=`git describe --tags --always --dirty`
export BUILD_DATE=`date +%Y-%m-%dT%H:%M:%SZ`
export LDFLAGS="-buildid= -X sigs.k8s.io/release-utils/version.gitVersion=$GIT_VERSION -X sigs.k8s.io/release-utils/version.gitCommit=$GIT_HASH -X sigs.k8s.io/release-utils/version.buildDate=$BUILD_DATE"
mkdir -p ${{ env.KOCACHE }}
# ko build should print ghcr.io/github/policy-controller-webhook@sha256:<digest>
# to standard out. Capture the image digest for the build provenance step
IMAGE_DIGEST=$(ko build --bare --tags $GIT_VERSION --tags $GIT_HASH --platform=linux/amd64 --sbom=none github.com/sigstore/policy-controller/cmd/webhook | cut -d'@' -f2)
echo "image_digest=$IMAGE_DIGEST" >> $GITHUB_OUTPUT
- name: Attest
uses: actions/attest-build-provenance@951c0c5f8e375ad4efad33405ab77f7ded2358e4 # v1.1.1
id: attest
with:
subject-name: ${{ env.KO_DOCKER_REPO }}
subject-digest: ${{ steps.build.outputs.image_digest }}
push-to-registry: true