Skip to content

Update builder image, cosign image, golangci-lint #7944

Update builder image, cosign image, golangci-lint

Update builder image, cosign image, golangci-lint #7944

Workflow file for this run

on:
push:
paths:
- '**'
- '!**.md'
- '!doc/**'
- '!**.txt'
- '!images/**'
- '!LICENSE'
- 'test/**'
branches:
- main
- release-*
pull_request:
permissions: read-all
name: Cross
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [macos-latest, ubuntu-latest, windows-latest]
include:
- os: macos-latest
COSIGN_TARGET: cosign-darwin-amd64
COSIGN_PASSWORD: COSIGN_PASSWORD
- os: ubuntu-latest
COSIGN_TARGET: cosign-linux-amd64
COSIGN_PASSWORD: COSIGN_PASSWORD
- os: windows-latest
COSIGN_TARGET: cosign-windows-amd64.exe
COSIGN_PASSWORD: COSIGN_PASSWORD
steps:
- name: Install Go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
with:
go-version: '1.21'
check-latest: true
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: build cosign
run: |
make cosign && mv ./cosign ./${{matrix.COSIGN_TARGET}}
- name: Create checksum file
shell: pwsh
run: |
$hash=Get-FileHash -Path ./${{matrix.COSIGN_TARGET}}
Write-Output $($hash.Hash + " " + $(([io.fileinfo]$hash.path).basename)) | Tee-Object -Path ${{matrix.COSIGN_TARGET}}.sha256
- name: sign
shell: bash
env:
COSIGN_PASSWORD: ${{secrets[matrix.COSIGN_PASSWORD]}}
if: github.event_name != 'pull_request'
run: |
./${{matrix.COSIGN_TARGET}} sign-blob --yes --key ./.github/workflows/cosign-test.key ./${{matrix.COSIGN_TARGET}} > ${{matrix.COSIGN_TARGET}}.sig
- name: verify
if: github.event_name != 'pull_request'
run: |
./${{matrix.COSIGN_TARGET}} verify-blob --key ./.github/workflows/cosign-test.pub --signature ${{matrix.COSIGN_TARGET}}.sig ./${{matrix.COSIGN_TARGET}}
- name: artifacts file name
shell: bash
if: github.event_name != 'pull_request'
run: |
name=$(echo ${{ matrix.os }} | cut -f1 -d"-")
echo "artifactsfilename=$name" >> $GITHUB_ENV
- name: Upload artifacts
if: github.event_name != 'pull_request'
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: artifacts-${{ env.artifactsfilename }}
path: |
cosign-*
cosign.-*sha256
cosign-*.sig