* Add bom generation script
This commit adds a script in scripts/sbom.sh that generates
the SBOM for the release adding three kinds of elements to it:
1. The source code with full dependencies
2. The tarball distrubutions written in _dist
3. The container image
The SBOM is written into the _dist directory.
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
* Generate SBOM from build workflow
This commit modifies the build pipeline to generate an SPDX SBOM
describing the release. It uses the new bom-installer action to
install the Kubernetes SBOM Tool into the runner and calls the
scripts/sbom.sh script which handles the generation.
Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
* Modify release pipeline to properly include SBOM
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Co-authored-by: Josh Dolitsky <josh@dolit.ski>
* ci: uses github actor user as the ghcr image publisher
Signed-off-by: scnace <scbizu@gmail.com>
* ci: introduces the new sign image mechanism: sigstore cosign
Signed-off-by: scnace <scbizu@gmail.com>
- Update version to v0.14.0
- Fix readme for push plugin (in place of #513)
- Upgrade Go modules, Go version in CI
- Use Helm 3.8 in acceptance tests
- Remove bad semever chart tests and testdata
- Support for M1 Macs local dev
- Add SECURITY.md
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
- update to Go 1.15.7
- add release artifacts script (copied from Helm)
- add KEYS file containing maintainer signing keys
- update Makefile to follow Helm release process
- update dependencies (including auth and storage)
- rename masterHandler to rootHandler
- add get-chartmuseum script (based on get-helm-3 script)
- remove unused scripts and make targets for old release process
- modify README with new install instructions and docker image
- rename scripts to use dashes vs underscores
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
* docker: unify Dockerfile and build chartmuseum in Docker context
In order to be able to build a multi-architecture image easily, all
architectures should share the same Dockerfile. For this to be possible
in a portable way, the `chartmuseum` executable should be built inside a
container image.
This commit adds a first step to the container image building which is
the build of chartmuseum itself. In order to keep the image as small as
possible, this is done inside a "builder" image and the produced
executable is then copied into the final image.
Signed-off-by: Gabriel Duque <gabriel@zuh0.com>
* ci: build and deploy multi-architecture container images
This commit adds a GitHub action using `docker buildx` to build and push
a multi-architecture image to Docker hub.
Signed-off-by: Gabriel Duque <gabriel@zuh0.com>
