Skip to content

sign release artifacts using cosign #1093

sign release artifacts using cosign

sign release artifacts using cosign #1093

Workflow file for this run

name: test-gh
on:
push:
branches:
- develop
paths-ignore:
- 'docs/**'
- '*.md'
- 'examples/**'
pull_request:
types: [opened, reopened, synchronize]
paths-ignore:
- 'docs/**'
- '*.md'
- 'examples/**'
jobs:
test-all:
name: Test GH
runs-on: ubuntu-latest
environment: DockerHub E2E
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/[email protected]
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: true
- name: Set up Go 1.x
uses: actions/setup-go@v3
with:
go-version: "1.21.3"
- name: Check out code into the Go module directory
uses: actions/[email protected]
with:
path: src/github.com/${{ github.repository }}
fetch-depth: 0
- name: Install Carvel Tools
uses: carvel-dev/setup-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
only: ytt, kapp
- name: Run Tests
env:
DOCKERHUB_USERNAME: k8slt
DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
run: |
set -e -x
minikube start --driver=docker --wait=all --mount --mount-string "$HOME:$HOME"
eval $(minikube docker-env --shell=bash)
# when this workflow runs of a pull request based on a fork, secrets are unavailable
# https://docs.github.com/en/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow
if [[ "${DOCKERHUB_ACCESS_TOKEN}" != "" ]]; then
# Authenticate to DockerHub to avoid test failures due to rate limiting
# ... for builders using Docker
set +x
echo "${DOCKERHUB_ACCESS_TOKEN}" | docker login --username "${DOCKERHUB_USERNAME}" --password-stdin
# ... for kubectl-buildkit
minikube kubectl --ssh=true -- create secret docker-registry buildkit \
--docker-username="${DOCKERHUB_USERNAME}" \
--docker-password="${DOCKERHUB_ACCESS_TOKEN}"
# ... for any other service account that pulls images from DockerHub
minikube kubectl --ssh=true -- create secret docker-registry dockerhub-credentials \
--docker-username="${DOCKERHUB_USERNAME}" \
--docker-password="${DOCKERHUB_ACCESS_TOKEN}"
set -x
else
echo "No DockerHub Access Token set; skipping Docker authentication. There may be rate limit errors."
fi
# Ensure that there is no existing kbld installed
rm -f /tmp/bin/kbld
cd "src/github.com/${{ github.repository }}"
export KBLD_E2E_SKIP_WHEN_HTTP_REGISTRY=true
./hack/build-binaries.sh
./hack/test-all-locally.sh