From 90654a3e9f19d2d5e1128baeb6131e99aace9b7a Mon Sep 17 00:00:00 2001 From: Carlos Salas Date: Mon, 23 Oct 2023 15:29:20 +0200 Subject: [PATCH] chore: disable slsa provenance in release workflow Signed-off-by: Carlos Salas --- .github/workflows/release.yaml | 70 +--------------------------------- 1 file changed, 1 insertion(+), 69 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1a543981..2cc21b5f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -101,40 +101,6 @@ jobs: image=$(echo ${{ matrix.images.image }} | base64 -d | base64 -d) cosign verify ${image} --certificate-identity=https://github.com/rancher-sandbox/rancher-turtles/.github/workflows/release.yaml@refs/tags/${{ env.TAG }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - ghcr-provenance: - needs: [ghcr-sign] - permissions: - actions: read - id-token: write - packages: write - strategy: - matrix: - images: [ - { - "image":"${{ needs.build-ghcr.outputs.multiarch_image }}", - "digest":"${{ needs.build-ghcr.outputs.multiarch_digest }}" - }, - { - "image":"${{ needs.build-ghcr.outputs.amd64_image }}", - "digest":"${{ needs.build-ghcr.outputs.amd64_digest }}" - }, - { - "image":"${{ needs.build-ghcr.outputs.arm64_image }}", - "digest":"${{ needs.build-ghcr.outputs.arm64_digest }}" - }, - { - "image":"${{ needs.build-ghcr.outputs.s390x_image }}", - "digest":"${{ needs.build-ghcr.outputs.s390x_digest }}" - } - ] - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 - with: - image: $(echo ${{ matrix.images.image }} | base64 -d | base64 -d) - digest: $(echo ${{ matrix.images.digest }} | base64 -d | base64 -d) - secrets: - registry-username: ${{ github.actor }} - registry-password: ${{ secrets.GITHUB_TOKEN }} - build-prod: runs-on: ubuntu-latest permissions: 
@@ -227,43 +193,9 @@ jobs: image=$(echo ${{ matrix.images.image }} | base64 -d | base64 -d) cosign verify ${image} --certificate-identity=https://github.com/rancher-sandbox/rancher-turtles/.github/workflows/release.yaml@refs/tags/${{ env.TAG }} --certificate-oidc-issuer=https://token.actions.githubusercontent.com - prod-provenance: - needs: [prod-sign] - permissions: - actions: read - id-token: write - packages: write - strategy: - matrix: - images: [ - { - "image":"${{ needs.build-prod.outputs.multiarch_image }}", - "digest":"${{ needs.build-prod.outputs.multiarch_digest }}" - }, - { - "image":"${{ needs.build-prod.outputs.amd64_image }}", - "digest":"${{ needs.build-prod.outputs.amd64_digest }}" - }, - { - "image":"${{ needs.build-prod.outputs.arm64_image }}", - "digest":"${{ needs.build-prod.outputs.arm64_digest }}" - }, - { - "image":"${{ needs.build-prod.outputs.s390x_image }}", - "digest":"${{ needs.build-prod.outputs.s390x_digest }}" - } - ] - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0 - with: - image: $(echo ${{ matrix.images.image }} | base64 -d | base64 -d) - digest: $(echo ${{ matrix.images.digest }} | base64 -d | base64 -d) - secrets: - registry-username: ${{ secrets.REGISTRY_USERNAME }} - registry-password: ${{ secrets.REGISTRY_PASSWORD }} - release: name: Create helm release - needs: [prod-provenance] + needs: [prod-sign] runs-on: ubuntu-latest env: TAG: ${{ github.ref_name }}
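Review bot: The `release` job's new `needs: [prod-sign]` line lets the Helm release publish with no provenance attestation for any image, and nothing in the workflow records that this gap is temporary or how it gets closed. The only integrity check left in the visible context is `cosign verify`, which binds a signature to the workflow identity but gives consumers no SLSA provenance statement to check, so any downstream admission or verification policy that requires provenance will presumably start rejecting new tags. I would add a comment above the dependency, for example `# TODO(<tracking-issue>): SLSA provenance disabled; restore needs: [prod-provenance] once the generator job is re-enabled`, and state the reason for disabling it in the commit description. The same applies to the `ghcr-provenance` job removed in the first hunk. The `release` job body continues outside this hunk.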