Remove GitHub app usage now that attest is public

Signed-off-by: Jonny Stoten <jonny.stoten@docker.com>
Jonny Stoten
2024-10-23 10:23:58 +01:00
parent 05fee12fb7
commit 56874d0b3a
4 changed files with 4 additions and 48 deletions


@@ -15,13 +15,6 @@ jobs:
with: with:
username: dockerpublicbot username: dockerpublicbot
password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }} password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Docker meta - name: Docker meta
id: meta id: meta
uses: docker/metadata-action@v5 uses: docker/metadata-action@v5
@@ -52,5 +45,3 @@ jobs:
platforms: linux/amd64,linux/arm64 # todo figure out additional platforms for release platforms: linux/amd64,linux/arm64 # todo figure out additional platforms for release
attests: type=sbom,generator=docker/scout-sbom-indexer:1 attests: type=sbom,generator=docker/scout-sbom-indexer:1
provenance: mode=max provenance: mode=max
secrets: |
GITHUB_TOKEN=${{ steps.app-token.outputs.token }}


@@ -24,14 +24,6 @@ jobs:
with: with:
egress-policy: audit egress-policy: audit
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Set up Go 1.22 - name: Set up Go 1.22
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with: with:
@@ -40,12 +32,6 @@ jobs:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Download dependencies
run: |
export GOPRIVATE="github.com/docker/attest"
git config --global "url.https://x-access-token:${{ steps.app-token.outputs.token }}@github.com.insteadof" "https://github.com"
go mod download
# source: https://github.com/golangci/golangci-lint-action # source: https://github.com/golangci/golangci-lint-action
- name: golangci-lint - name: golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
@@ -72,14 +58,6 @@ jobs:
- name: Check out code into the Go module directory - name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Bootstrap e2e - name: Bootstrap e2e
env: env:
KIND_VERSION: 0.23.0 KIND_VERSION: 0.23.0
@@ -110,7 +88,6 @@ jobs:
- name: Build and install attest-provider - name: Build and install attest-provider
run: | run: |
./scripts/generate-tls-cert.sh ./scripts/generate-tls-cert.sh
export GITHUB_TOKEN=${{ steps.app-token.outputs.token }}
make docker-buildx kind-load-image make docker-buildx kind-load-image
helm install attest-provider charts/attest-provider \ helm install attest-provider charts/attest-provider \
--set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \ --set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \


@@ -20,24 +20,12 @@ ENV CGO_ENABLED=0
WORKDIR /app WORKDIR /app
# --- This block can be removed when github.com/docker/attest is public
ENV GOPRIVATE="github.com/docker/attest"
RUN --mount=type=secret,id=GITHUB_TOKEN <<EOT
set -e
GITHUB_TOKEN=${GITHUB_TOKEN:-$(cat /run/secrets/GITHUB_TOKEN)}
if [ -n "$GITHUB_TOKEN" ]; then
echo "Setting GitHub access token"
git config --global "url.https://x-access-token:${GITHUB_TOKEN}@github.com.insteadof" "https://github.com"
fi
EOT
# ---
ARG VERSION="dev" ARG VERSION="dev"
RUN --mount=type=bind,source=.,target=/app \ RUN --mount=type=bind,source=.,target=/app \
--mount=type=cache,target=$GOPATH/pkg/mod \ --mount=type=cache,target=$GOPATH/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \ --mount=type=cache,target=/root/.cache/go-build \
go build -ldflags "-X main.version=$VERSION" -o /bin/attest main.go go build -ldflags "-X main.version=$VERSION" -o /bin/attest main.go
FROM ${BASEIMAGE} AS production FROM ${BASEIMAGE} AS production


@@ -43,7 +43,7 @@ docker-buildx-builder:
.PHONY: docker-buildx .PHONY: docker-buildx
docker-buildx: docker-buildx-builder docker-buildx: docker-buildx-builder
docker buildx build --platform linux/amd64 --load -t ${IMG} . --secret=id=GITHUB_TOKEN docker buildx build --platform linux/amd64 --load -t ${IMG} .
.PHONY: kind-load-image .PHONY: kind-load-image
kind-load-image: kind-load-image: