public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

Release 1.5.2 with signed kaniko images (#1608) 

* Add cloudbuild job for signing releases

* Add cosign to github actions

* Update to 1.5.2 to release and sign images
This commit is contained in:
priyawadhwa 2021-03-30 14:29:37 -07:00 committed by GitHub
parent eda57e5400
commit 588fd06564
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 65 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.github/workflows/release.yaml vendored
View File

@ -73,6 +73,20 @@ jobs:
gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}
gcr.io/kaniko-project/executor:${{ steps.vars.outputs.tag }}
gcr.io/kaniko-project/executor:latest
- name: Sign images
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v0.2.0'
run: |
export KMS_VAL=gcpkms://projects/kaniko-project/locations/global/keyRings/cosign/cryptoKeys/cosign
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-slim
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:${{ steps.vars.outputs.tag }}-slim
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:slim
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:${{ steps.vars.outputs.tag }}
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:latest
build-debug:
env:
@ -131,6 +145,16 @@ jobs:
gcr.io/kaniko-project/executor:${{ steps.vars.outputs.tag }}-debug
gcr.io/kaniko-project/executor:debug
- name: Sign images
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v0.2.0'
run: |
export KMS_VAL=gcpkms://projects/kaniko-project/locations/global/keyRings/cosign/cryptoKeys/cosign
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:${{ env.GITHUB_SHA }}-debug
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:${{ steps.vars.outputs.tag }}-debug
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/executor:debug
build-warmer:
env:
GITHUB_SHA: ${{ github.sha }}
@ -185,4 +209,14 @@ jobs:
tags: |
gcr.io/kaniko-project/warmer:${{ env.GITHUB_SHA }}
gcr.io/kaniko-project/warmer:${{ steps.vars.outputs.tag }}
gcr.io/kaniko-project/warmer:latest
gcr.io/kaniko-project/warmer:latest
- name: Sign images
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v0.2.0'
run: |
export KMS_VAL=gcpkms://projects/kaniko-project/locations/global/keyRings/cosign/cryptoKeys/cosign
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/warmer:${{ env.GITHUB_SHA }}
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/warmer:${{ steps.vars.outputs.tag }}
cosign sign -kms $KMS_VAL gcr.io/kaniko-project/warmer:latest

29
CHANGELOG.md
View File

@ -1,3 +1,32 @@
# v1.5.2 Release 2021-03-30
The executor images in this release are:
```
gcr.io/kaniko-project/executor:v1.5.2
gcr.io/kaniko-project/executor:latest
```
The debug images are available at:
```
gcr.io/kaniko-project/executor:debug
gcr.io/kaniko-project/executor:debug-v1.5.2 and
```
The slim executor images which don't contain any authentication binaries are available at:
```
gcr.io/kaniko-project/executor:slim
gcr.io/kaniko-project/executor:slim-v1.5.2
```
This release is the first to be signed by [cosign](https://github.com/sigstore/cosign)!
The PEM-encoded public key to validate against the released kaniko images is:
```
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9aAfAcgAxIFMTstJUv8l/AMqnSKw
P+vLu3NnnBDHCfREQpV/AJuiZ1UtgGpFpHlJLCNPmFkzQTnfyN5idzNl6Q==
-----END PUBLIC KEY-----
```
# v1.5.1 Release 2021-02-22
This release is a minor release with following a fix to version number for v1.5.0
The kaniko images now report the right version number.

2
Makefile
View File

@ -15,7 +15,7 @@
# Bump these on release
VERSION_MAJOR ?= 1
VERSION_MINOR ?= 5
VERSION_BUILD ?= 1
VERSION_BUILD ?= 2
VERSION ?= v$(VERSION_MAJOR).$(VERSION_MINOR).$(VERSION_BUILD)
VERSION_PACKAGE = $(REPOPATH/pkg/version)