Hi, I had a config which is publishing to gitlab package registry -

```yaml
gitlab_urls:
  use_job_token: true
  use_package_registry: true
```

which is working link https://gitlab.com/metacontroller/test-sem-rel/-/packages/23684709 - however it still publishes on the release page, is it expected? While reading https://goreleaser.com/scm/gitlab/#generic-package-registry I was under the impression it would do that instead of using the gitlab release page?

Second question, I enabled `docker_sign` with ko -

```yaml
docker_signs:
  - cmd: cosign
    args:
      - "sign"
      - "--upload=false"
      - "${artifact}"
      - "--yes" # needed on cosign 2.0.0+
    artifacts: all
```

using gitlab job `id_tokens` (https://docs.gitlab.com/ee/ci/yaml/signing_examples.html#sign-or-verify-container-images-and-build-artifacts-by-using-cosign) - which works pretty neat, however while I was following docs - https://goreleaser.com/customization/docker_sign/ - (copy from docs)

```yaml
# Command line arguments for the command
#
# Default: ["sign", "--key=cosign.key", "${artifact}@${digest}", "--yes"]
# Templates: allowed
args:
  - "sign"
  - "--key=cosign.key"
  - "--upload=false"
  - "${artifact}"
  - "--yes" # needed on cosign 2.0.0+
```

it implies that `"${artifact}@${digest}"` is `image_name:image_digest`, however when I tried that, it errored:

```
release failed after 1m23s error=signing docker images: failed to publish artifacts: sign: cosign failed: exit status 1: Generating ephemeral keys...
Retrieving signed certificate...
Successfully verified SCT...
Error: signing [registry.gitlab.com/metacontroller/test-sem-rel/commanda@sha256:6ce2e017d73bf84905fc341660fdafe5531725d97012174884780d5eb63009f7@sha256:6ce2e017d73bf84905fc341660fdafe5531725d97012174884780d5eb63009f7]: parsing reference: could not parse reference: registry.gitlab.com/metacontroller/test-sem-rel/commanda@sha256:6ce2e017d73bf84905fc341660fdafe5531725d97012174884780d5eb63009f7@sha256:6ce2e017d73bf84905fc341660fdafe5531725d97012174884780d5eb63009f7
```

when I switched to just use `${artifact}` - https://gitlab.com/metacontroller/test-sem-rel/-/blob/main/.goreleaser.yaml?ref_type=heads#L196 - it started to work and resolve image+digest -

```
signing docker images
• signing cmd=cosign artifact=registry.gitlab.com/metacontroller/test-sem-rel/commanda@sha256:bb41d1f8de551eeac77137a2d5e49667a01e83f8e5fff14a27e4fc477fcc400c
• signing cmd=cosign artifact=registry.gitlab.com/metacontroller/test-sem-rel/commandb@sha256:72fc7c39bbb11b60a5ca2236d85224a954083ef0bca170d213c244fa9c7c70d1
• signing cmd=cosign artifact=registry.gitlab.com/metacontroller/test-sem-rel/commanda@sha256:0914fb54cd8beb2b1d998a9df39efbe0ec25097be5fbc721e0565667dd74354c
• signing cmd=cosign artifact=registry.gitlab.com/metacontroller/test-sem-rel/commandb@sha256:28e56bba2081ba2032bdf2798719bc646f74421c5108a8d6bf1295ea38b77b16
• took: 5s
• scm releases
```

so it seems `artifact` already contains the digest?

Last thing, I created a repo with an example golang flow (with two binaries, each with binaries/packages/signing packages/docker images with two flavours, signed) - https://gitlab.com/metacontroller/test-sem-rel which is actually a pretty good visualization of the end 2 end flow using goreleaser, if you think it is valuable I could refactor it and move/donate/make it a pr to https://gitlab.com/goreleaser/example, what do you think?
Replies: 1 comment 12 replies
ah, yeah, that is a bad example indeed, will fix it
about the repo, if you wanna transfer it to the goreleaser org, I would be more than happy to accept it.
we have a bunch of different examples in the github org, but only that single, simple one, in gitlab
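
The failure in the question comes from appending a digest to a reference that already carries one. The Go function below is an added example, not code from goreleaser, cosign or the posts above: `PinnedRef` is a hypothetical helper that produces exactly one digest-pinned reference from an artifact string and a digest, and rejects doubled or mismatched digests before anything is signed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

var sha256Digest = regexp.MustCompile(`^sha256:[a-f0-9]{64}$`)

// PinnedRef (hypothetical helper) returns a single name@sha256:... reference.
// artifact may be name, name:tag, or already name@digest, which is what
// goreleaser passed as ${artifact} in the signing log above.
func PinnedRef(artifact, digest string) (string, error) {
	if !sha256Digest.MatchString(digest) {
		return "", fmt.Errorf("malformed digest %q", digest)
	}
	parts := strings.Split(artifact, "@")
	if parts[0] == "" {
		return "", errors.New("empty image name")
	}
	switch len(parts) {
	case 1: // not pinned yet: drop any tag and pin to the build digest
		name := parts[0]
		// A ':' after the last '/' is a tag; before it, it is a registry port.
		if i := strings.LastIndex(name, ":"); i > strings.LastIndex(name, "/") {
			name = name[:i]
		}
		return name + "@" + digest, nil
	case 2: // already pinned: it must agree with the digest the build reported
		if parts[1] != digest {
			return "", fmt.Errorf("artifact pinned to %s, build reported %s", parts[1], digest)
		}
		return artifact, nil
	default: // the doubled form from the error message
		return "", errors.New("reference carries more than one digest: " + artifact)
	}
}

func main() {
	// Image name and digest taken from the error message in the question.
	d := "sha256:6ce2e017d73bf84905fc341660fdafe5531725d97012174884780d5eb63009f7"
	img := "registry.gitlab.com/metacontroller/test-sem-rel/commanda"
	for _, a := range []string{img, img + "@" + d, img + "@" + d + "@" + d} {
		ref, err := PinnedRef(a, d)
		fmt.Println(ref, err)
	}
}
```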