|
| 1 | +name: containerd-image-verifier-sigstore |
| 2 | +variant: scratch |
| 3 | +shell: /toolchain/bin/bash |
| 4 | +dependencies: |
| 5 | + - stage: base |
| 6 | +steps: |
| 7 | + - sources: |
| 8 | + - url: https://github.com/sigstore/policy-controller/archive/refs/tags/{{ .SIGSTORE_POLICY_TESTER_VERSION }}.tar.gz |
| 9 | + destination: sigstore-policy-controller.tar.gz |
| 10 | + sha256: f0a3545341b426a77452f58be10f01d194e157e8232bf512967fd36984dd096e |
| 11 | + sha512: fb542d15b0b269e505888e41ba7af456e489d7592dca459b193e02ab59cbadd64c9bdcf23ef0323143f8c0905c2aecafad705bd56a31905f3e63dd311d022be1 |
| 12 | + - url: https://github.com/BobyMCbobs/containerd-image-verifier-sigstore/archive/refs/tags/{{ .CONTAINERD_IMAGE_VERIFIER_SIGSTORE_VERSION }}.tar.gz |
| 13 | + destination: containerd-image-verifier-sigstore.tar.gz |
| 14 | + sha256: aaa04e076733dcc08a20d7636be588846dfbf371f55fb23e82d3c0440779972c |
| 15 | + sha512: cf62552a2842536fd07337eb7cdfb36afa6c795c99cb4eebdcaef0251848f4db2a763af21731d81af9fb6b46ccd4d604ca37c8ef7eaaad0d017722bb66cd2a4e |
| 16 | + env: |
| 17 | + GOPATH: /go |
| 18 | + cachePaths: |
| 19 | + - /.cache/go-build |
| 20 | + - /go/pkg |
| 21 | + prepare: |
| 22 | + - | |
| 23 | + sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml |
| 24 | + - | |
| 25 | + mkdir -p ${GOPATH}/src/github.com/sigstore/policy-controller |
| 26 | +
|
| 27 | + tar -xzf sigstore-policy-controller.tar.gz --strip-components=1 -C ${GOPATH}/src/github.com/sigstore/policy-controller |
| 28 | + - | |
| 29 | + mkdir -p ${GOPATH}/src/github.com/BobyMCbobs/containerd-image-verifier-sigstore |
| 30 | +
|
| 31 | + tar -xzf containerd-image-verifier-sigstore.tar.gz --strip-components=1 -C ${GOPATH}/src/github.com/BobyMCbobs/containerd-image-verifier-sigstore |
| 32 | + build: |
| 33 | + - | |
| 34 | + export PATH=${PATH}:${TOOLCHAIN}/go/bin |
| 35 | + cd ${GOPATH}/src/github.com/sigstore/policy-controller |
| 36 | +
|
| 37 | + mkdir ./bin |
| 38 | +
|
| 39 | + CGO_ENABLED=0 go build -o ./bin/sigstore-policy-tester ./cmd/tester |
| 40 | + - | |
| 41 | + export PATH=${PATH}:${TOOLCHAIN}/go/bin |
| 42 | + cd ${GOPATH}/src/github.com/BobyMCbobs/containerd-image-verifier-sigstore |
| 43 | +
|
| 44 | + mkdir ./bin |
| 45 | +
|
| 46 | + CGO_ENABLED=0 go build -ldflags="-X 'main.DefaultPolicyDirPath=/var/local/etc/containers/sigstore/'" -o ./bin/containerd-image-verifier-sigstore . |
| 47 | + install: |
| 48 | + - | |
| 49 | + cd ${GOPATH}/src/github.com/sigstore/policy-controller |
| 50 | + mkdir -p /rootfs/usr/local/bin/ |
| 51 | + cp -av bin/sigstore-policy-tester /rootfs/usr/local/bin/ |
| 52 | +
|
| 53 | + - | |
| 54 | + cd ${GOPATH}/src/github.com/BobyMCbobs/containerd-image-verifier-sigstore |
| 55 | + mkdir -p /rootfs/usr/local/bin/containerd-image-verifier/ |
| 56 | + cp -av bin/containerd-image-verifier-sigstore /rootfs/usr/local/bin/containerd-image-verifier/ |
| 57 | +
|
| 58 | + - | |
| 59 | + mkdir -p /rootfs/etc/cri/conf.d |
| 60 | +
|
| 61 | + cp /pkg/10-containerd-image-verifier.part /rootfs/etc/cri/conf.d/ |
| 62 | + test: |
| 63 | + - | |
| 64 | + mkdir -p /extensions-validator-rootfs |
| 65 | + cp -r /rootfs/ /extensions-validator-rootfs/rootfs |
| 66 | + cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml |
| 67 | + /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" |
| 68 | +
|
| 69 | +finalize: |
| 70 | + - from: /rootfs |
| 71 | + to: /rootfs |
| 72 | + - from: /pkg/manifest.yaml |
| 73 | + to: / |
0 commit comments