When a tag is pushed to GitHub, GitHub Actions automatically creates a release for it and signs the release assets using the GitHub workflow identity (see this and this for more info).
The released binaries can then be verified with cosign, using the `checksums.txt` and `checksums.txt.sig` files downloaded from the GitHub release assets:

```bash
COSIGN_EXPERIMENTAL=1 cosign verify-blob -signature ~/Downloads/checksums.txt.sig ~/Downloads/checksums.txt
```
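The signature above covers only `checksums.txt`, so a downloaded binary is not verified until its SHA-256 is also compared against that file. The following script, added here as an example and not part of the project, does both steps in order; it assumes `cosign` and `sha256sum` are on the PATH and that `checksums.txt` is in `sha256sum` format (`<hex digest>  <filename>`), as goreleaser-style releases produce.

```bash
#!/usr/bin/env bash
# Added example (not part of the original project): verify a downloaded release
# asset end to end. The signature only covers checksums.txt, so verifying it
# proves nothing about the binary until the binary's SHA-256 is checked against
# that (now trusted) file as a second step.
set -eu

# Step 1: check the keyless signature on checksums.txt, as on the page.
# Note: cosign 2.x drops COSIGN_EXPERIMENTAL and instead requires
# --certificate-identity(-regexp) and --certificate-oidc-issuer so that only
# the expected workflow identity is trusted.
verify_checksums_signature() {
  checksums="$1"; sig="$2"
  COSIGN_EXPERIMENTAL=1 cosign verify-blob -signature "$sig" "$checksums"
}

# Step 2: compare one asset's SHA-256 against its checksums.txt entry.
# Lines are in sha256sum format: "<hex-digest>  <filename>" (a leading '*'
# on the filename marks binary mode and is tolerated). Fails closed when
# the asset is not listed at all.
verify_asset_checksum() {
  checksums="$1"; asset="$2"
  name=$(basename "$asset")
  expected=$(awk -v n="$name" '{ f=$2; sub(/^\*/, "", f); if (f == n) print $1 }' "$checksums")
  if [ -z "$expected" ]; then
    echo "ERROR: $name is not listed in $checksums" >&2
    return 1
  fi
  actual=$(sha256sum "$asset" | awk '{ print $1 }')
  if [ "$expected" != "$actual" ]; then
    echo "ERROR: SHA-256 mismatch for $name" >&2
    return 1
  fi
  echo "OK: $name matches $checksums"
}

# Both steps in order; the asset is trusted only if both succeed.
verify_release_asset() {
  verify_checksums_signature "$1" "$2" && verify_asset_checksum "$1" "$3"
}

# Usage: ./verify-release.sh checksums.txt checksums.txt.sig <downloaded asset>
if [ "$#" -eq 3 ]; then
  verify_release_asset "$1" "$2" "$3"
fi
```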
- Set the following secrets in your repo:
  - `DOCKER_USERNAME`
  - `DOCKER_PASSWORD`
  - `COSIGN_KEY`
  - `COSIGN_PASSWORD`
  - `CODECOV_TOKEN`
  To generate the cosign key pair:

  ```bash
  # in case cosign is not installed; <version> is a cosign release tag (e.g. latest)
  go install github.com/sigstore/cosign/cmd/cosign@<version>
  cosign generate-key-pair
  ```

  Then copy the generated private key and password into the `COSIGN_KEY` and `COSIGN_PASSWORD` secrets.
- In `.github/workflows/github-actions-demo.yml`, replace `skifdh/test` with your own Docker image path.
- The Codecov step is standalone, affects only the build step, and can easily be commented out.
Install Tekton Pipelines (core):

```bash
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
```
Check the available storage classes:

```bash
kubectl get storageclasses
```

For Minikube, point the artifact PVC at the `standard` storage class:

```bash
kubectl create configmap config-artifact-pvc \
  --from-literal=size=10Gi \
  --from-literal=storageClassName=standard \
  -o yaml -n tekton-pipelines \
  --dry-run=client | kubectl replace -f -
```
Install Tekton Triggers:

```bash
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
```
Dashboard (optional):

```bash
kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml
kubectl proxy --port=8080
```

Run the project's install script:

```bash
./install.sh
```
Docker registry access (credentials for pushing images from the `sscs` namespace):

```bash
kubectl -n sscs create secret docker-registry regcred \
  --docker-server=<your-registry-server> \
  --docker-username=<your-name> \
  --docker-password=<your-pword> \
  --docker-email=<your-email>
```
Install Tekton Chains:

```bash
kubectl apply --filename https://storage.googleapis.com/tekton-releases/chains/latest/release.yaml
```

Prepare Chains (in-toto attestations for TaskRuns, stored in the OCI registry, with Rekor transparency logging enabled):

```bash
kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.format": "in-toto"}}'
kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"artifacts.taskrun.storage": "oci"}}'
kubectl patch configmap chains-config -n tekton-chains -p='{"data":{"transparency.enabled": "true"}}'
```