Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update chart-testing-action to v2.6.0 and cosigin-installer to v3.1.1 #4201

Merged
merged 1 commit into from
Nov 1, 2023
Merged

Update chart-testing-action to v2.6.0 and cosigin-installer to v3.1.1 #4201

merged 1 commit into from
Nov 1, 2023

Conversation

liangyuanpeng
Copy link
Contributor

@liangyuanpeng liangyuanpeng commented Nov 1, 2023
edited
Loading

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

helm chart testing action is broken, https://github.com/karmada-io/karmada/actions/runs/6706548301/job/18223260799

xref:

I have try to update to v2.5.0 and it's not working. https://github.com/liangyuanpeng/karmada/actions/runs/6714930957

And v2.6.0 can fix it.

Since we are using cosign separately, it is better to follow the notification to upgrade the installer version.

So this PR have two change:

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

@karmada-bot karmada-bot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Nov 1, 2023
@karmada-bot karmada-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 1, 2023
RainbowMango
RainbowMango reviewed Nov 1, 2023
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/assign
Seems this might be a blocker for the other's PR.
/priority important-soon

@karmada-bot karmada-bot added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Nov 1, 2023
@RainbowMango
Copy link
Member

Seems this is due to Sigstore no longer publishing cosign releases to GCS bucket.

There is an instruction for updating GitHub Actions if people using cosign-installer.

If you are using cosign-installer, our GitHub Action that installs Cosign, you may need to update the action only if you are pinned by hash to a version earlier than v3.1.0. The following example shows how to update the action:

Do we need to update them?

@liangyuanpeng
Copy link
Contributor Author

Do we need to update them?

Thanks for remind and i have tested it with cosigin-installer@v3.0.3 and it's working for now,But I think it's better to follow the notification and upgrade the install version.

Also tested it with cosigin-installer@v3.1.1 and it's working.

So we can update the installer version and keep the same cosign version.

@liangyuanpeng
* Update chart-testing-action to v2.6.0
b261534 
* Update cosign-installer to v3.1.1, see https://blog.sigstore.dev/cosign-releases-bucket-deprecation/

Signed-off-by: Lan Liang <gcslyp@gmail.com>
@liangyuanpeng liangyuanpeng changed the title Update chart-testing-action to v2.6.0 Update chart-testing-action to v2.6.0 and cosigin-installer to v3.1.1 Nov 1, 2023
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (bea718a) 52.85% compared to head (b261534) 52.82%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4201      +/-   ##
==========================================
- Coverage   52.85%   52.82%   -0.03%     
==========================================
  Files         239      239              
  Lines       23558    23558              
==========================================
- Hits        12451    12445       -6     
- Misses      10431    10436       +5     
- Partials      676      677       +1
Flag Coverage Δ
unittests 52.82% <ø> (-0.03%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

RainbowMango
RainbowMango approved these changes Nov 1, 2023
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

Actually we don't need to bump sigstore/cosign-installer as the action downloads the sigstore binary directly from GitHub(not the deprecated Google Bucket):
See the code for more details:
https://github.com/sigstore/cosign-installer/blob/main/action.yml#L184-L185

But it's not harm to bump it to a higher version.

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Nov 1, 2023
@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 1, 2023
@karmada-bot karmada-bot merged commit 086a6c4 into karmada-io:master Nov 1, 2023
11 checks passed
@liangyuanpeng
Copy link
Contributor Author

liangyuanpeng commented Nov 1, 2023
edited
Loading

Luckly, it is since 3.0.3 the cosign-installer download cosign from GitHub instead of GCS and karmada is using this version.

update v3.0.3 to download cosign from GitHub instead of GCS

Actually we don't need to bump sigstore/cosign-installer as the action downloads the sigstore binary directly from GitHub(not the deprecated Google Bucket):

It's true, and it's download from GCS when using csogin-installer with hash to a version earlier than v3.1.0. And karmada is using tag.

@liangyuanpeng liangyuanpeng deleted the update_helm_lint branch November 1, 2023 07:45
@RainbowMango
Copy link
Member

I don't get why it is the v3.1.0. I think any hash version earlier than v3.0.3 also downloads from GCS.

@liangyuanpeng liangyuanpeng mentioned this pull request Nov 1, 2023
Merged
karmada-bot added a commit that referenced this pull request Nov 2, 2023
@karmada-bot
Merge pull request #4202 from liangyuanpeng/automated-cherry-pick-of-…
e779254 
…#4201-upstream-release-1.7

[1.7] Automated cherry pick of #4201: * Update chart-testing-action to v2.6.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RainbowMango RainbowMango RainbowMango approved these changes

@jwcesign jwcesign Awaiting requested review from jwcesign

@Poor12 Poor12 Awaiting requested review from Poor12

Assignees

@RainbowMango RainbowMango

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm Indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@liangyuanpeng @RainbowMango @codecov-commenter @karmada-bot