Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

.github/workflows: add wasi-demo-app to the publish pipeline #733

Open
wants to merge 19 commits into
base: main
Choose a base branch
from

Conversation

Mossaka
Copy link
Member

@Mossaka Mossaka commented Nov 17, 2024

  • Added wasi-demo-{app, oci, oci-artifact} build and publish as a new release pipeline.
  • Added SBOM and signing to the image release pipeline

Release

You can release the image by running

gh workflow run release-wasi-demo-app.yml -f dry_run=false -f version=0.1.0

Verify Signing:

cosign verify ghcr.io/containerd/runwasi/wasi-demo-app:0.1.0 --certificate-identity https://github.com/containerd/runwasi/.github/workflows/sign.yml@refs/heads/main --certificate-oidc-issuer https://token.actions.githubusercontent.com

Forked Run

You can view a sample run in my forked repo: https://github.com/Mossaka/runwasi/actions/runs/12346148057
and released images: https://github.com/Mossaka/runwasi/pkgs/container/runwasi%2Fwasi-demo-app

note that each release produces four tags:

  1. sha256-21a41dba8c23d354309d4fdb0b7e7a1afa0eee98ec522d7c31e47d3a5c4b6b2f.sig

  2. sha256-d517c179cfaee83d38c83f874df5991c87719f6a06873b08b4b1a4de6a97b98a.sbom

  3. sha256-d517c179cfaee83d38c83f874df5991c87719f6a06873b08b4b1a4de6a97b98a.sig

  4. 0.3.0

They are the image, the signature of the image, the SBOM and the signature of the SBOM.

@Mossaka Mossaka linked an issue Nov 17, 2024 that may be closed by this pull request
* Renamed relaese-wasi-demo-app.yml to release-wasi-demo-app.yml to fix a typo.
* Corrected indentation for the dry_run input in the workflow file.

Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
* Replaced individual make commands with make load and make load/oci.

Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
* Added a sign.yml workflow to sign container images using cosign.
* Added sbom.yml workflow to generate, sign, and attach SBOMs to OCI images.
* Added new workflows (sign-wasi-demo-app, sbom-wasi-demo-app, etc.) into the release pipeline for all image types.

Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
* Updated sign.yml and sbom.yml to use image-digest instead of version.

Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
Signed-off-by: Jiaxiao (mossaka) Zhou <[email protected]>
@Mossaka Mossaka marked this pull request as ready for review December 16, 2024 05:06
set -e
IMG_REPOSITORY_NAME=$( echo ${{ github.repository }} | awk '{print tolower($0)}' )
echo IMG_REPOSITORY_NAME=${IMG_REPOSITORY_NAME} >> $GITHUB_ENV
DIGEST=$(crane digest \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can accomplish the same thing with docker which is already installed. I would prefer not installing extra GitHub actions if not needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Publish wasi-demo-app as a package
2 participants