Consume GitHub releases #785

Closed
9 of 13 tasks
migmartri opened this issue May 16, 2024 · 5 comments
@migmartri
Member

migmartri commented May 16, 2024

We want to be able to attest a GitHub release in an easy way.

Ideally, we could have a reusable workflow/action that reacts to a release event and performs an attestation of all the published artifacts.

As explained here #772 (comment), we can download all the artifacts using the GH CLI, and then we could push them to Chainloop by using a CHAINLOOP_TOKEN.

We could even automatically create a workflow if needed, also using our new reusable workflow for that purpose. cc/ @jiparis

Tasks

  1. component/backend
    javirln
  2. component/backend
    javirln
  3. component/backend
    javirln
  4. component/backend
  5. component/backend
    javirln
  6. documentation
    javirln
  7. component/backend
    javirln
  8. component/backend good first issue
  9. component/backend good first issue
  10. component/backend good first issue
@javirln
Member

javirln commented Jun 3, 2024

One of the issues found when deploying the reusable workflow into our pipelines is the fact that a workflow cannot be triggered by another workflow if the token used is the default GitHub token. As a result, the build and package workflow didn't trigger the release workflow, since what triggers a release within build and package is goreleaser using a GitHub token.

More information regarding the issue can be found here: https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow

This does not mean the workflow does not work; it only means that in order to be triggered by another workflow it needs to use a personal access token. Manual releases of course trigger the workflow.

We need to update the documentation to reflect this edge case.

@migmartri
Member Author

Should we support workflow dispatch? That one seems to be supported.

@javirln
Member

javirln commented Jun 3, 2024

In addition to the release trigger? It's supported by a GitHub token I believe will do anything to that workflow since it's manually triggered, no?

What do you think the flow would be for our use case? Once build and package is finished, us manually going to the workflow and triggering it? In that case we need to check that the github.ref_name is still the tag.

@migmartri
Member Author

Basically, the reusable workflow uses a tag as input. Then this workflow can be used from different parent jobs, either by being triggered explicitly or in a workflow that reacts to the release event.

Either way, the reusable workflow is the same but gets triggered/loaded in two different contexts. Does it make sense?
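
One way to pin down the tag in the two contexts discussed above (release event and explicit trigger), as an added example that is not part of this thread or of Chainloop's code. `INPUT_TAG` is an assumed variable that the calling workflow would map from its tag input, and both function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; not code from the Chainloop project.
# INPUT_TAG is an assumed variable mapped from the workflow's "tag" input;
# the GITHUB_* variables are the ones the Actions runner sets.

# Print the release tag to attest, or return 1 if none can be trusted.
resolve_release_tag() {
    event="${GITHUB_EVENT_NAME:-}"
    ref_type="${GITHUB_REF_TYPE:-}"
    ref_name="${GITHUB_REF_NAME:-}"
    input_tag="${INPUT_TAG:-}"

    if [ -n "$input_tag" ]; then
        tag="$input_tag"              # explicit input wins in both contexts
    elif [ "$event" = "release" ] && [ "$ref_type" = "tag" ]; then
        tag="$ref_name"               # release event: the ref is the tag
    else
        # A manual dispatch usually runs on a branch, so ref_name is no tag.
        echo "no tag input and the current ref is not a release tag" >&2
        return 1
    fi

    # Reject empty values, leading dashes (option injection into gh) and
    # any character outside a conservative set before the value is used.
    case "$tag" in
        ""|-*|*[!A-Za-z0-9._/+-]*)
            echo "refusing suspicious tag value" >&2
            return 1 ;;
    esac

    # If the run itself is on a tag, it must agree with the requested one.
    if [ "$ref_type" = "tag" ] && [ "$ref_name" != "$tag" ]; then
        echo "requested tag does not match the ref of this run" >&2
        return 1
    fi
    printf '%s\n' "$tag"
}

# Download every asset of that release and list digests for the attestation.
# Needs the gh CLI with GH_TOKEN set; not called automatically.
fetch_release_assets() {
    tag="$(resolve_release_tag)" || return 1
    mkdir -p artifacts
    gh release download "$tag" --dir artifacts || return 1
    ( cd artifacts && sha256sum -- * )
}
```
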

@javirln
Member

javirln commented Jun 3, 2024

Closing this task in favor of its follow-up one: #869

Additionally, the following issues should be considered once tackling that task since they were not part of this one:

@javirln javirln closed this as completed Jun 3, 2024