Merge pull request #231 from salasberryfin/revert-slsa-provenance

chore: disable slsa provenance in release workflow
rancher · Oct 23, 2023 · a06f1d6 · a06f1d6
2 parents c962726 + 90654a3
commit a06f1d6
Showing 1 changed file with 1 addition and 69 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -101,40 +101,6 @@ jobs:
           image=$(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
           cosign verify ${image} --certificate-identity=https://github.com/rancher-sandbox/rancher-turtles/.github/workflows/release.yaml@refs/tags/${{ env.TAG }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
 
-  ghcr-provenance:
-    needs: [ghcr-sign]
-    permissions:
-      actions: read 
-      id-token: write
-      packages: write
-    strategy:
-      matrix:
-        images: [
-          {
-              "image":"${{ needs.build-ghcr.outputs.multiarch_image }}",
-              "digest":"${{ needs.build-ghcr.outputs.multiarch_digest }}"
-          },
-          {
-              "image":"${{ needs.build-ghcr.outputs.amd64_image }}",
-              "digest":"${{ needs.build-ghcr.outputs.amd64_digest }}"
-          },
-          {
-              "image":"${{ needs.build-ghcr.outputs.arm64_image }}",
-              "digest":"${{ needs.build-ghcr.outputs.arm64_digest }}"
-          },
-          {
-              "image":"${{ needs.build-ghcr.outputs.s390x_image }}",
-              "digest":"${{ needs.build-ghcr.outputs.s390x_digest }}"
-          }
-        ]
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
-    with:
-      image: $(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
-      digest: $(echo ${{ matrix.images.digest }} | base64 -d | base64 -d)
-    secrets:
-      registry-username: ${{ github.actor }}
-      registry-password: ${{ secrets.GITHUB_TOKEN }}
-
   build-prod:
     runs-on: ubuntu-latest
     permissions:
@@ -227,43 +193,9 @@ jobs:
           image=$(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
           cosign verify ${image} --certificate-identity=https://github.com/rancher-sandbox/rancher-turtles/.github/workflows/release.yaml@refs/tags/${{ env.TAG }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com
 
-  prod-provenance:
-    needs: [prod-sign]
-    permissions:
-      actions: read
-      id-token: write
-      packages: write
-    strategy:
-      matrix:
-        images: [
-          {
-              "image":"${{ needs.build-prod.outputs.multiarch_image }}",
-              "digest":"${{ needs.build-prod.outputs.multiarch_digest }}"
-          },
-          {
-              "image":"${{ needs.build-prod.outputs.amd64_image }}",
-              "digest":"${{ needs.build-prod.outputs.amd64_digest }}"
-          },
-          {
-              "image":"${{ needs.build-prod.outputs.arm64_image }}",
-              "digest":"${{ needs.build-prod.outputs.arm64_digest }}"
-          },
-          {
-              "image":"${{ needs.build-prod.outputs.s390x_image }}",
-              "digest":"${{ needs.build-prod.outputs.s390x_digest }}"
-          }
-        ]
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
-    with:
-      image: $(echo ${{ matrix.images.image }} | base64 -d | base64 -d)
-      digest: $(echo ${{ matrix.images.digest }} | base64 -d | base64 -d)
-    secrets:
-      registry-username: ${{ secrets.REGISTRY_USERNAME }}
-      registry-password: ${{ secrets.REGISTRY_PASSWORD }}
-
   release:
     name: Create helm release
-    needs: [prod-provenance]
+    needs: [prod-sign]
     runs-on: ubuntu-latest
     env:
       TAG: ${{ github.ref_name }}