adding signer to workflow (#9444)

* adding signer to workflow * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * adding capability to get the digest directly from the script. Moving the script folder inside ops * changing log from info to debug * removed unused vars * removed old files * testing signer * testing signer * adding python orb * upgrading runner image from ubuntu-2204:2022.07.1 to ubuntu-2204:2024.01.1 * using python3 directly * using single quotes instead of dowble quotes for key into dict * minor changes * setting config back after completing test * testing without export of vars * completing changes * setting git.revision * fixed image tag input --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

adding signer to workflow (#9444)
* adding signer to workflow * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update .circleci/signer/sign_image.py Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * adding capability to get the digest directly from the script. Moving the script folder inside ops * changing log from info to debug * removed unused vars * removed old files * testing signer * testing signer * adding python orb * upgrading runner image from ubuntu-2204:2022.07.1 to ubuntu-2204:2024.01.1 * using python3 directly * using single quotes instead of dowble quotes for key into dict * minor changes * setting config back after completing test * testing without export of vars * completing changes * setting git.revision * fixed image tag input --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
87d40e35 · Raffaele · GitHub · 6120d22f · 87d40e35 · 87d40e35
Commit 87d40e35 authored Feb 12, 2024 by Raffaele Committed by GitHub Feb 12, 2024
Expand all Show whitespace changes
Inline Side-by-side

Showing with 370 additions and 0 deletions

config.yml .circleci/config.yml +13 -0

requirements.txt ops/signer/requirements.txt +2 -0

sign_image.py ops/signer/sign_image.py +355 -0

No files found.
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -338,6 +338,19 @@ jobs:
                name: Tag
                command: |
                  ./ops/scripts/ci-docker-tag-op-stack-release.sh <<parameters.registry>>/<<parameters.repo>> $CIRCLE_TAG $CIRCLE_SHA1
+      - when:
+          condition: "<<parameters.publish>>"
+          steps:
+            - gcp-oidc-authenticate:
+                service_account_email: GCP_SERVICE_ATTESTOR_ACCOUNT_EMAIL
+            - run:
+                name: Sign
+                command: |
+                  cd ./ops/signer
+                  export IMAGE_PATH="<<parameters.registry>>/<<parameters.repo>>/<<parameters.docker_name>>:<<pipeline.git.revision>>"
+                  pip3 install -r requirements.txt
+                  python3 sign_image.py
  contracts-bedrock-coverage:

--- a/ops/signer/requirements.txt
+++ b/ops/signer/requirements.txt
+urllib3
+requests
\ No newline at end of file
--- a/ops/signer/sign_image.py
+++ b/ops/signer/sign_image.py