forked from sigstore/cosign
/
release.mk
51 lines (39 loc) · 2.13 KB
/
release.mk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
##################
# release section
##################
# used when releasing together with GCP CloudBuild
.PHONY: release
release:
LDFLAGS="$(LDFLAGS)" goreleaser release --timeout 120m
###########################
# sign with GCP KMS section
###########################
.PHONY: sign-cosign-release
sign-cosign-release:
cosign sign --force --key "gcpkms://projects/${PROJECT_ID}/locations/${KEY_LOCATION}/keyRings/${KEY_RING}/cryptoKeys/${KEY_NAME}/versions/${KEY_VERSION}" -a GIT_HASH=$(GIT_HASH) -a GIT_VERSION=$(GIT_VERSION) ${KO_PREFIX}/cosign:$(GIT_VERSION)
.PHONY: sign-cosigned-release
sign-cosigned-release:
cosign sign --force --key "gcpkms://projects/${PROJECT_ID}/locations/${KEY_LOCATION}/keyRings/${KEY_RING}/cryptoKeys/${KEY_NAME}/versions/${KEY_VERSION}" -a GIT_HASH=$(GIT_HASH) -a GIT_VERSION=$(GIT_VERSION) ${KO_PREFIX}/cosigned:$(GIT_VERSION)
.PHONY: sign-sget-release
sign-sget-release:
cosign sign --force --key "gcpkms://projects/${PROJECT_ID}/locations/${KEY_LOCATION}/keyRings/${KEY_RING}/cryptoKeys/${KEY_NAME}/versions/${KEY_VERSION}" -a GIT_HASH=$(GIT_HASH) -a GIT_VERSION=$(GIT_VERSION) ${KO_PREFIX}/sget:$(GIT_VERSION)
.PHONY: sign-container-release
sign-container-release: ko sign-cosign-release sign-cosigned-release sign-sget-release
######################
# sign keyless section
######################
.PHONY: sign-keyless-cosign-release
sign-keyless-cosign-release:
cosign sign --force -a GIT_HASH=$(GIT_HASH) -a GIT_VERSION=$(GIT_VERSION) ${KO_PREFIX}/cosign:$(GIT_VERSION)
.PHONY: sign-keyless-cosigned-release
sign-keyless-cosigned-release:
cosign sign --force -a GIT_HASH=$(GIT_HASH) -a GIT_VERSION=$(GIT_VERSION) ${KO_PREFIX}/cosigned:$(GIT_VERSION)
.PHONY: sign-keyless-sget-release
sign-keyless-sget-release:
cosign sign --force -a GIT_HASH=$(GIT_HASH) -a GIT_VERSION=$(GIT_VERSION) ${KO_PREFIX}/sget:$(GIT_VERSION)
.PHONY: sign-keyless-release
sign-keyless-release: sign-keyless-cosign-release sign-keyless-cosigned-release sign-keyless-sget-release
# used when need to validate the goreleaser
.PHONY: snapshot
snapshot:
LDFLAGS="$(LDFLAGS)" goreleaser release --skip-sign --skip-publish --snapshot --rm-dist --timeout 60m