cleanup: drop support for Codenotary CAS

Signed-off-by: Christian Kotzbauer <[email protected]>

.github/workflows/create-release.yml

@@ -23,22 +23,6 @@ jobs:
       pat: ${{ secrets.REPO_ACCESS }}
       ghcr-password: ${{ secrets.GHCR_PASSWORD }}
 
-  job-image-cas:
-    uses: ckotzbauer/sbom-operator/.github/workflows/release-job-image.yml@main
-    needs: [release]
-    with:
-      version: ${{ github.event.inputs.version }}
-      job-image: cas
-      docker-platforms: linux/amd64
-      docker-tags: |
-        ghcr.io/ckotzbauer/sbom-operator/cas:${{ github.event.inputs.version }}
-        ghcr.io/ckotzbauer/sbom-operator/cas:latest
-      cosign-repository: ghcr.io/ckotzbauer/sbom-operator-metadata
-    secrets:
-      token: ${{ secrets.GITHUB_TOKEN }}
-      pat: ${{ secrets.REPO_ACCESS }}
-      ghcr-password: ${{ secrets.GHCR_PASSWORD }}
-
   job-image-vcn:
     uses: ckotzbauer/sbom-operator/.github/workflows/release-job-image.yml@main
     needs: [release]

.github/workflows/release-job-image.yml

@@ -76,14 +76,3 @@ jobs:
           verify: true
           attest: true
           cosign-repository: ${{ inputs.cosign-repository }}
-
-      - name: Generate Provenance
-        uses: ckotzbauer/actions-toolkit/[email protected]
-        with:
-          action-sha: "0.22.0"
-          images: ${{ inputs.docker-tags }}
-          artifact-path: job-images/${{ inputs.job-image }}
-          sign: true
-          verify: true
-          attest: true
-          cosign-repository: ${{ inputs.cosign-repository }}

README.md

@@ -253,22 +253,21 @@ the SBOMs on its own. Currently there are two possible integrations:
 
 | Tool | Description |
 | ---- | ----------- |
-| [Codenotary CAS](job-images/cas/README.md) | The Community Attestation Service from Codenotary can notarize your images in the Codenotary Cloud. (free) |
 | [Codenotary VCN](job-images/vcn/README.md) | The VCN-Tool from Codenotary can notarize your images in the Codenotary Cloud. (chargeable) |
 
 This feature is built as generic approach. Any image which follows [these specs](job-images/SPEC.md) can be used as job-image.
 
 e.g. Manifest (`deploy/job-image`):
 ```yaml
---job-image=ghcr.io/ckotzbauer/sbom-operator/cas:<TAG>
+--job-image=ghcr.io/ckotzbauer/sbom-operator/vcn:<TAG>
 ```
 
 e.g. Helm:
 ```yaml
 jobImageMode: true
 
 envVars:
-  - name: SBOM_JOB_CAS_API_KEY
+  - name: SBOM_JOB_VCN_LC_API_KEY
     value: "<KEY>"
 ```
 

deploy/job-image/deployment.yaml

@@ -31,12 +31,12 @@ spec:
             fieldRef:
               fieldPath: metadata.uid
         # Free account
-        - name: SBOM_JOB_CAS_API_KEY
+        - name: SBOM_JOB_VCN_API_KEY
           value: ""
         args:
           # example values
           - --cron="0 6 * * * *"
-          - --job-image=ghcr.io/ckotzbauer/sbom-operator/cas:0.10.0
+          - --job-image=ghcr.io/ckotzbauer/sbom-operator/vcn:0.10.0
           #- --pod-label-selector=sbom-operator\=true
         ports:
         - containerPort: 8080

job-images/vcn/README.md

@@ -7,8 +7,7 @@ This Job-Image notarizes your images with VCN.
 
 ## Usage
 
-1. Reach out to Codenotary to get an API-Key for the VCN tool. If you're searching for the free Attestation Service from Codenotary
-use the [CAS-Image](../cas/README.md) instead.
+1. Reach out to Codenotary to get an API-Key for the VCN tool.
 2. Add the following flag to the operator-installation.
 
 Manifest: