Add tuf-on-ci workflows #1256
Merged
Add tuf-on-ci workflows #1256
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
haydentherapper
requested review from
joshuagl,
haydentherapper and
kommendorkapten
haydentherapper
previously approved these changes
Jun 5, 2024
jku
force-pushed
the
add-tuf-on-ci-workflows
branch
from
d5451b7
to
f2e4e49
Compare
This comment was marked as outdated.
This comment was marked as outdated.
jku
force-pushed
the
add-tuf-on-ci-workflows
branch
from
f2e4e49
to
0bb632f
Compare
|
... and I had to rebase because the renamed workflow confused githubs merge resolution |
|
I've included the GCP details in the online-sign workflow:
|
haydentherapper
previously approved these changes
Jun 6, 2024
kommendorkapten
previously approved these changes
Jun 10, 2024
Same name is used in tuf-on-ci workflows: I would rather rename this one since the tuf-on-ci workflow is used with workflow_call so referenced in other workflows Signed-off-by: Jussi Kukkonen <[email protected]>
These are direct copies from root-signing-staging: the required changes are done in separate commits to make them visible. Signed-off-by: Jussi Kukkonen <[email protected]>
Workflows were copied from staging. Modify them for production: * Tweak PR and issue templates * test workflows require URL changes (and some variable name changes) * test workflows also get a new step where initial root is defined (as python-tuf does not consider root < 5 to be valid) * deploy-to-gcs was modified so the gcloud details are internal to the workflow (since in prod it's a separate gcloud project/account, not the "tuf-on-ci online signing accout") Signed-off-by: Jussi Kukkonen <[email protected]>
* Disable all scheduled runs * Additionally remove publishing to GCS completely for now Signed-off-by: Jussi Kukkonen <[email protected]>
This test was just added in root-signing-staging so was not in the initial copy. Signed-off-by: Jussi Kukkonen <[email protected]>
Original design uses GitHub variables: This keeps the online-sign workflow unchanged from the upstream one and would be nice if the variables were managed with configuration-as-code. Unfortunately this is not possible in root-signing. Embed GCP details in the workflow. Signed-off-by: Jussi Kukkonen <[email protected]>
jku
force-pushed
the
add-tuf-on-ci-workflows
branch
from
4ba1fbd
to
94a24d9
Compare
|
I had to rebase as GitHub uses a conflict resolution that failed in this case (the default one in git rebase just works). No changes. |
haydentherapper
approved these changes
Jul 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add workflows for tuf-on-ci (see #1247 and for larger context #929).
These workflows should be complete and ready however: