Merge pull request #114 from docker/fix-public-secret-access

chore: remove GitHub app usage now that attest is public
Jonny Stoten
2024-10-23 10:34:02 +01:00
committed by GitHub
4 changed files with 4 additions and 48 deletions


@@ -15,13 +15,6 @@ jobs:
with:
username: dockerpublicbot
password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
@@ -52,5 +45,3 @@ jobs:
platforms: linux/amd64,linux/arm64 # todo figure out additional platforms for release
attests: type=sbom,generator=docker/scout-sbom-indexer:1
provenance: mode=max
secrets: |
GITHUB_TOKEN=${{ steps.app-token.outputs.token }}
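Review bot: `uses: docker/metadata-action@v5` in the first hunk is referenced by a mutable tag, while the other actions visible on this page (create-github-app-token, setup-go, checkout, golangci-lint-action) are pinned to a full commit SHA with a version comment. The preceding step passes `secrets.DOCKERPUBLICBOT_WRITE_PAT` to what appears to be a registry login, so later steps in this job run next to a write credential and should have the same integrity guarantee as the pinned ones. Pin it the same way, e.g. `uses: docker/metadata-action@<full-commit-sha> # v5.x.y` (placeholder; take the SHA from the release you have reviewed). The job's step list continues outside the hunk, so other tag-referenced actions may exist that are not visible here.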


@@ -24,14 +24,6 @@ jobs:
with:
egress-policy: audit
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Set up Go 1.22
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
@@ -40,12 +32,6 @@ jobs:
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Download dependencies
run: |
export GOPRIVATE="github.com/docker/attest"
git config --global "url.https://x-access-token:${{ steps.app-token.outputs.token }}@github.com.insteadof" "https://github.com"
go mod download
# source: https://github.com/golangci/golangci-lint-action
- name: golangci-lint
uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
@@ -72,14 +58,6 @@ jobs:
- name: Check out code into the Go module directory
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Generate GitHub App Token
id: app-token
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
with:
app-id: ${{ vars.DOCKER_READ_APP_ID }}
private-key: ${{ secrets.DOCKER_READ_APP_PRIVATE_KEY }}
repositories: "attest,attest-provider"
- name: Bootstrap e2e
env:
KIND_VERSION: 0.23.0
@@ -110,7 +88,6 @@ jobs:
- name: Build and install attest-provider
run: |
./scripts/generate-tls-cert.sh
export GITHUB_TOKEN=${{ steps.app-token.outputs.token }}
make docker-buildx kind-load-image
helm install attest-provider charts/attest-provider \
--set provider.tls.caBundle="$(cat certs/ca.crt | base64 | tr -d '\n\r')" \
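Review bot: `egress-policy: audit` at the top of the first hunk only records outbound connections and blocks none; the step's `uses:` line is outside the hunk, so I am assuming this is the step-security/harden-runner step. With the private-module token removed, this job should only need public endpoints, which makes this a good point to move to `egress-policy: block` with an `allowed-endpoints:` list built from the audit results. If audit mode is intentional, a short comment such as `# audit only: endpoint list not yet finalised` would record that decision.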


@@ -20,18 +20,6 @@ ENV CGO_ENABLED=0
WORKDIR /app
# --- This block can be removed when github.com/docker/attest is public
ENV GOPRIVATE="github.com/docker/attest"
RUN --mount=type=secret,id=GITHUB_TOKEN <<EOT
set -e
GITHUB_TOKEN=${GITHUB_TOKEN:-$(cat /run/secrets/GITHUB_TOKEN)}
if [ -n "$GITHUB_TOKEN" ]; then
echo "Setting GitHub access token"
git config --global "url.https://x-access-token:${GITHUB_TOKEN}@github.com.insteadof" "https://github.com"
fi
EOT
# ---
ARG VERSION="dev"
RUN --mount=type=bind,source=.,target=/app \


@@ -43,7 +43,7 @@ docker-buildx-builder:
.PHONY: docker-buildx
docker-buildx: docker-buildx-builder
docker buildx build --platform linux/amd64 --load -t ${IMG} . --secret=id=GITHUB_TOKEN
docker buildx build --platform linux/amd64 --load -t ${IMG} .
.PHONY: kind-load-image
kind-load-image: