Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add json/yaml output to flux push artifact #3540

Merged
merged 2 commits into from
Jan 31, 2023
Merged

Add json/yaml output to flux push artifact #3540

merged 2 commits into from
Jan 31, 2023

Conversation

stefanprodan
Copy link
Member

@stefanprodan stefanprodan commented Jan 31, 2023
edited
Loading

This PR enables extracting the OCI artifact image name and digest from the flux push artifact output in CI.

Example output:

$ .flux push artifact oci://localhost:5050/my-app-config:v1.0.0 --source=local --revision=local --path ./manifests/ -ojson
{
  "url": "oci://localhost:5050/my-app-config@sha256:ccbcfcf35161d3b8127a9658c0dcda9a69ec099d22031269930b4e0e3038779c",
  "repository": "localhost:5050/my-app-config",
  "tag": "v1.0.0",
  "digest": "sha256:ccbcfcf35161d3b8127a9658c0dcda9a69ec099d22031269930b4e0e3038779c"
}

Example of signing the pushed artifact with cosign:

  digest_url = $(flux push artifact  \
	oci://ghcr.io/org/config/app:$(git rev-parse --short HEAD) \
	--source="$(git config --get remote.origin.url)" \
	--revision="$(git branch --show-current)/$(git rev-parse HEAD)" \
	--path="./path/to/local/manifest.yaml" \
	--output json| \
	jq -r '. | .repository + "@" + .digest')
  cosign sign $digest_url

@stefanprodan stefanprodan added enhancement New feature or request area/oci OCI related issues and pull requests labels Jan 31, 2023
@stefanprodan stefanprodan requested a review from hiddeco January 31, 2023 11:22
@stefanprodan
Add json/yaml output to flux push artifact
56807fd 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
@stefanprodan stefanprodan force-pushed the push-output branch 2 times, most recently from d0422e7 to 837c249 Compare January 31, 2023 11:38
hiddeco
hiddeco reviewed Jan 31, 2023
View reviewed changes
cmd/flux/push_artifact.go Outdated Show resolved Hide resolved
@stefanprodan stefanprodan force-pushed the push-output branch 3 times, most recently from 7e33be5 to 42da8e2 Compare January 31, 2023 12:01
hiddeco
hiddeco reviewed Jan 31, 2023
View reviewed changes
cmd/flux/push_artifact.go Outdated Show resolved Hide resolved
@stefanprodan stefanprodan force-pushed the push-output branch 2 times, most recently from 42d4969 to ad5b460 Compare January 31, 2023 12:11
hiddeco
hiddeco approved these changes Jan 31, 2023
View reviewed changes
Copy link
Member

@hiddeco hiddeco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking great, thanks @stefanprodan 💯 🙇

hiddeco
hiddeco reviewed Jan 31, 2023
View reviewed changes
cmd/flux/push_artifact.go Outdated Show resolved Hide resolved
@stefanprodan
Add example of push and sign OCI artifacts
6681cd0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
@stefanprodan stefanprodan mentioned this pull request Jan 31, 2023
Closed
16 tasks
@stefanprodan stefanprodan merged commit 023a709 into main Jan 31, 2023
@stefanprodan stefanprodan deleted the push-output branch January 31, 2023 13:28
@seh
Copy link
Contributor

seh commented Feb 3, 2023

Thank you.

I wound up going with the following to capture the OCI repository and artifact digest into separate shell variables that I glue together later with @ for feeding into cosign sign:

flux push push artifact \
  # ... \
  --output=json |
jq --raw-output '[.repository, .digest] | @tsv' |
read repository digest

@stefanprodan stefanprodan mentioned this pull request May 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hiddeco hiddeco hiddeco approved these changes

Assignees
No one assigned
Labels
area/oci OCI related issues and pull requests enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stefanprodan @seh @hiddeco