trigger release from PR

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
chainloop-dev · May 30, 2024 · 314a823 · 314a823
1 parent 2522d28
commit 314a823
Showing 1 changed file with 68 additions and 67 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,9 +1,10 @@
 name: Release
 
 on:
-  push:
-    tags:
-      - "v*.*.*"
+  pull_request:
+  # push:
+  #   tags:
+  #     - "v*.*.*"
 
 jobs:
   release:
@@ -14,22 +15,22 @@ jobs:
       packages: write
       contents: write # required for goreleaser
     steps:
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@main
-        with:
-          cosign-release: 'v2.2.3'
+      # - name: Install Cosign
+      #   uses: sigstore/cosign-installer@main
+      #   with:
+      #     cosign-release: 'v2.2.3'
 
-      - name: Install Chainloop
-        run: |
-          curl -sfL https://docs.chainloop.dev/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}
+      # - name: Install Chainloop
+      #   run: |
+      #     curl -sfL https://docs.chainloop.dev/install.sh | bash -s -- --version v${{ env.CHAINLOOP_VERSION }}
 
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-        with:
-          fetch-depth: 0
+      # - name: Checkout
+      #   uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      #   with:
+      #     fetch-depth: 0
 
-      - name: Initialize Attestation
-        run: chainloop attestation init # --contract-revision 2
+      # - name: Initialize Attestation
+      #   run: chainloop attestation init # --contract-revision 2
 
       - name: Set up Go
         uses: actions/setup-go@v3
@@ -55,57 +56,57 @@ jobs:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 
-      - uses: anchore/sbom-action@v0
-        with:
-          image: ${{ env.IMAGE }}
-          format: cyclonedx-json
-          artifact-name: sbom.cyclonedx.json
-          output-file: /tmp/sbom.cyclonedx.json
-        env:
-          IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
-
-      - uses: anchore/sbom-action@v0
-        with:
-          image: ${{ env.IMAGE }}
-          format: spdx-json
-          artifact-name: sbom.spdx.json
-          output-file: /tmp/sbom.spdx.json
-        env:
-          IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
-
-      - name: Add Container Image Artifact
-        run: chainloop attestation add --name image --value ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
-
-      - name: Add CycloneDX SBOM Artifact
-        run: chainloop attestation add --name sbom --value /tmp/sbom.cyclonedx.json
-
-      - name: Add SPDX SBOM Artifact
-        run: chainloop attestation add --name sbom-spdx --value /tmp/sbom.spdx.json
-
-      - name: Add Binary Artifact
-        run: |
-          BINARY_PATH="$(echo -n '${{ steps.release.outputs.metadata }}' | jq -r '"dist/" + .project_name + "_" + .version + "_" + .runtime.goos + "_" + .runtime.goarch + ".tar.gz"')"
-
-          chainloop attestation add --name binary --value ${BINARY_PATH}
-
-      - name: Finish and Record Attestation
-        if: ${{ success() }}
-        run: |
-          chainloop attestation status --full
-          chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
-        env:
-          CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-          CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-
-      - name: Mark attestation as failed
-        if: ${{ failure() }}
-        run: |
-          chainloop attestation reset
-
-      - name: Mark attestation as cancelled
-        if: ${{ cancelled() }}
-        run: |
-          chainloop attestation reset --trigger cancellation
+      # - uses: anchore/sbom-action@v0
+      #   with:
+      #     image: ${{ env.IMAGE }}
+      #     format: cyclonedx-json
+      #     artifact-name: sbom.cyclonedx.json
+      #     output-file: /tmp/sbom.cyclonedx.json
+      #   env:
+      #     IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
+
+      # - uses: anchore/sbom-action@v0
+      #   with:
+      #     image: ${{ env.IMAGE }}
+      #     format: spdx-json
+      #     artifact-name: sbom.spdx.json
+      #     output-file: /tmp/sbom.spdx.json
+      #   env:
+      #     IMAGE: ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
+
+      # - name: Add Container Image Artifact
+      #   run: chainloop attestation add --name image --value ghcr.io/chainloop-dev/integration-demo:${{ github.ref_name }}
+
+      # - name: Add CycloneDX SBOM Artifact
+      #   run: chainloop attestation add --name sbom --value /tmp/sbom.cyclonedx.json
+
+      # - name: Add SPDX SBOM Artifact
+      #   run: chainloop attestation add --name sbom-spdx --value /tmp/sbom.spdx.json
+
+      # - name: Add Binary Artifact
+      #   run: |
+      #     BINARY_PATH="$(echo -n '${{ steps.release.outputs.metadata }}' | jq -r '"dist/" + .project_name + "_" + .version + "_" + .runtime.goos + "_" + .runtime.goarch + ".tar.gz"')"
+
+      #     chainloop attestation add --name binary --value ${BINARY_PATH}
+
+      # - name: Finish and Record Attestation
+      #   if: ${{ success() }}
+      #   run: |
+      #     chainloop attestation status --full
+      #     chainloop attestation push --key env://CHAINLOOP_SIGNING_KEY
+      #   env:
+      #     CHAINLOOP_SIGNING_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      #     CHAINLOOP_SIGNING_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+
+      # - name: Mark attestation as failed
+      #   if: ${{ failure() }}
+      #   run: |
+      #     chainloop attestation reset
+
+      # - name: Mark attestation as cancelled
+      #   if: ${{ cancelled() }}
+      #   run: |
+      #     chainloop attestation reset --trigger cancellation
     env:
       CHAINLOOP_VERSION: 0.89.0
       CHAINLOOP_ROBOT_ACCOUNT: ${{ secrets.CHAINLOOP_ROBOT_ACCOUNT }}