diff --git a/.dev.goreleaser.yml b/.dev.goreleaser.yml
new file mode 100644
index 000000000..aadf0b05d
--- /dev/null
+++ b/.dev.goreleaser.yml
@@ -0,0 +1,31 @@
+builds:
+ - main: ./cmd/notation
+ id: notation
+ binary: notation
+ env:
+ - CGO_ENABLED=0
+ goos:
+ - linux
+ - darwin
+ - windows
+ goarch:
+ - amd64
+ - arm64
+ ignore:
+ - goos: windows
+ goarch: arm64
+ ldflags:
+ - -s -w -X {{.ModulePath}}/internal/version.Version={{.Version}} -X {{.ModulePath}}/internal/version.BuildMetadata=
+archives:
+ - format: tar.gz
+ format_overrides:
+ - goos: windows
+ format: zip
+ files:
+ - LICENSE
+release:
+ prerelease: true
+ header: |
+ ## Notation Weekly Dev Build ({{ .Date }})
+
+ Welcome to this Weekly Dev Build!
\ No newline at end of file
diff --git a/.github/workflows/dev-release.yml b/.github/workflows/dev-release.yml
new file mode 100644
index 000000000..2870afe8e
--- /dev/null
+++ b/.github/workflows/dev-release.yml
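Review bot: The `ldflags` entry sets `internal/version.BuildMetadata=` to an empty string, which replaces the `unreleased` default declared in `internal/version/version.go`, so a weekly binary carries no record of the commit it was built from. Because the tag is cut by a scheduled job from whatever the branch holds at that moment, I would stamp the commit instead, `-X {{.ModulePath}}/internal/version.BuildMetadata={{.ShortCommit}}`, so a reported dev build can be traced back to source. The file also defines no `signs:` section, so these archives ship without a signature; a comment stating that this is intentional for dev builds would help.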
@@ -0,0 +1,43 @@
+name: dev-release
+
+on:
+ schedule:
+ - cron: '0 16 * * 0' # at 16:00 on Sunday (UTC)
+
+jobs:
+ build:
+ name: Weekly Release Notation Binaries
+ runs-on: ubuntu-20.04
+ strategy:
+ matrix:
+ go-version: [1.18]
+ fail-fast: true
+ steps:
+ - name: Set up Go ${{ matrix.go-version }}
+ uses: actions/setup-go@v3
+ with:
+ go-version: ${{ matrix.go-version }}
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Set Git User
+ run: |
+ git config user.name "${GITHUB_ACTOR}"
+ git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+ - name: Create Version Tag
+ run: |
+ # get project version: .dev.
+ export TAG_VERSION=`cat ./internal/version/version.go | grep "Version = " | awk -F '"' '{print $2}'`.dev.`date +%Y%m%d`
+
+ # create new tag
+ git tag -af $TAG_VERSION -m "For weekly build"
+ git push origin $TAG_VERSION
+ - name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v3
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release -f ./.dev.goreleaser.yml --rm-dist
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release-github.yml b/.github/workflows/release-github.yml
index e46a03ad4..501ddb4a9 100644
--- a/.github/workflows/release-github.yml
+++ b/.github/workflows/release-github.yml
@@ -20,6 +20,12 @@ jobs:
 go-version: ${{ matrix.go-version }}
 - name: Checkout
 uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Set GoReleaser Previous Tag To Be Last Non Weekly Release
+ run: |
+ pre_tag=`git tag --sort=-creatordate --list 'v*' | grep -v dev | head -2 | tail -1`
+ echo "GORELEASER_PREVIOUS_TAG=$pre_tag" >> $GITHUB_ENV
 - name: Run GoReleaser
 uses: goreleaser/goreleaser-action@v3
 with:
diff --git a/cmd/notation/cert_gen.go b/cmd/notation/cert_gen.go
index f6d49519c..d59164040 100644
--- a/cmd/notation/cert_gen.go
+++ b/cmd/notation/cert_gen.go
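Review bot: This job pushes tags and publishes a release with `GITHUB_TOKEN`, yet every external step is referenced by a mutable ref: `actions/setup-go@v3`, `actions/checkout@v3`, `goreleaser/goreleaser-action@v3`, and `version: latest` for GoReleaser itself. A retagged action or a new GoReleaser release would run with write access on the next Sunday build without any change in this repository, so pin each `uses:` to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v3`) and set `version:` to a fixed release. The workflow also has no `permissions:` block, so the token gets the repository default; a job-level `permissions:` with `contents: write` keeps it to what tagging and releasing need. In the tag step, `$TAG_VERSION` is expanded unquoted and `git tag -af` silently replaces an existing tag of the same name.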
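Review bot: The `pre_tag` pipeline can produce an empty or wrong value, and nothing checks it before it is appended to `$GITHUB_ENV`. `grep -v dev` drops every tag whose name contains the substring `dev`, not only the weekly `.dev.<date>` tags, and `head -2 | tail -1` returns the current tag itself when only one non-dev tag exists; it also assumes the tag being released is the newest by creator date. I would anchor the filter as `grep -v '\.dev\.'`, fail the step on an empty result with `[ -n "$pre_tag" ] || exit 1`, and quote the target as `>> "$GITHUB_ENV"`.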
@@ -43,14 +43,13 @@ func generateTestCert(opts *certGenerateTestOpts) error { fmt.Println("generated certificates expiring on", rsaLeafCertTuple.Cert.NotAfter.Format(time.RFC3339)) // write private key - keyPath := dir.Path.Localkey(name, dir.KeyExtension) + keyPath, certPath := dir.Path.Localkey(name) if err := osutil.WriteFileWithPermission(keyPath, keyBytes, 0600, false); err != nil { return fmt.Errorf("failed to write key file: %v", err) } fmt.Println("wrote key:", keyPath) // write self-signed certificate - certPath := dir.Path.Localkey(name, dir.CertificateExtension) if err := osutil.WriteFileWithPermission(certPath, append(leafBytes, rootBytes...), 0644, false); err != nil { return fmt.Errorf("failed to write certificate file: %v", err) } diff --git a/go.mod b/go.mod index 1646bf61c..4cb79fb0e 100644 --- a/go.mod +++ b/go.mod @@ -5,13 +5,13 @@ go 1.18 require ( github.com/distribution/distribution/v3 v3.0.0-20220729163034-26163d82560f github.com/docker/docker-credential-helpers v0.6.4 - github.com/notaryproject/notation-core-go v0.0.0-20220811064831-ab66bb390904 - github.com/notaryproject/notation-go v0.9.0-alpha.1.0.20220811081659-2ec835dc30c3 + github.com/notaryproject/notation-core-go v0.0.0-20220825082354-b97da9ba79dd + github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220824075203-d5b91e16156d github.com/opencontainers/go-digest v1.0.0 github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 - github.com/veraison/go-cose v1.0.0-rc.1 - oras.land/oras-go/v2 v2.0.0-rc.1.0.20220727034506-eb13fdfeefa6 + github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 + oras.land/oras-go/v2 v2.0.0-rc.2 ) require ( diff --git a/go.sum b/go.sum index 190a01ba1..e3cd4c743 100644 --- a/go.sum +++ b/go.sum 
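Review bot: The private key is still written to disk before anything is known about `certPath`, so if the certificate write fails the function returns with a key file left behind and no matching certificate. The final `false` passed to `osutil.WriteFileWithPermission` looks like an overwrite switch (its definition is outside this diff); if so, an already existing certificate file triggers exactly this case, and a retry then fails on the key. Now that `dir.Path.Localkey(name)` returns both paths up front, check that neither exists before the first write, or remove `keyPath` in the certificate error branch. A comment on the call such as `// Localkey returns (key path, certificate path) for name` would also help, since both results are strings and a swapped order would not be caught by the compiler. `generateTestCert` begins and ends outside this hunk.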
@@ -11,10 +11,10 @@ github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQA github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/notaryproject/notation-core-go v0.0.0-20220811064831-ab66bb390904 h1:MpDQVpCqDWUFZbk70aDr3nF0px5zqcVHHqd4VLjbrH4= -github.com/notaryproject/notation-core-go v0.0.0-20220811064831-ab66bb390904/go.mod h1:KcUBZtOH3r3moiIbQ2h2ZJZ9QCOZ+W0rxHP8KBVnCbY= -github.com/notaryproject/notation-go v0.9.0-alpha.1.0.20220811081659-2ec835dc30c3 h1:KfZmyvigvFBB8gfULmTjagGbV9qOitEoCZ9iehaQDic= -github.com/notaryproject/notation-go v0.9.0-alpha.1.0.20220811081659-2ec835dc30c3/go.mod h1:0OMz09CoVfwMfaPQLS7uLzBkduhXoCuGAZ9AMCR5JoE= +github.com/notaryproject/notation-core-go v0.0.0-20220825082354-b97da9ba79dd h1:iiVUK2KzisgTZ/78IHxVijHzUDrDzI0BoFUJy1oLffg= +github.com/notaryproject/notation-core-go v0.0.0-20220825082354-b97da9ba79dd/go.mod h1:vRFI64uedpKUChiadJ/2q8jJNdKtxHa7Er1JbSnm8AY= +github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220824075203-d5b91e16156d h1:W5zUgwJcrTf83MBpp1vMDVgHLXw9ygmnVU0F6rS8dAs= +github.com/notaryproject/notation-go v0.10.0-alpha.3.0.20220824075203-d5b91e16156d/go.mod h1:paAgugG2Hh9Zi6WJGfHk1Kk+ubOVxNmCab9nCU3P++4= github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 h1:Oumw+lPnO8qNLTY2mrqPJZMoGExLi/0h/DdikoLTXVU= github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86/go.mod h1:aA4vdXRS8E1TG7pLZOz85InHi3BiPdErh8IpJN6E0x4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= 
@@ -31,8 +31,8 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/veraison/go-cose v1.0.0-rc.1 h1:4qA7dbFJGvt7gcqv5MCIyCQvN+NpHFPkW7do3EeDLb8= -github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= +github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83 h1:g8vDfnNOPcGzg6mnlBGc0J5t5lAJkaepXqbc9qFRnFs= +github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 h1:uVc8UZUe6tr40fFVnUP5Oj+veunVezqYl9z7DYw9xzw= @@ -43,5 +43,5 @@ golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBc gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -oras.land/oras-go/v2 v2.0.0-rc.1.0.20220727034506-eb13fdfeefa6 h1:fbJtzJbpZCtdaAvjPvjlTf8CGsUE1+mClxyh/MPne6I= -oras.land/oras-go/v2 v2.0.0-rc.1.0.20220727034506-eb13fdfeefa6/go.mod h1:IZRIoIJqkAH6x0pL3tVnpyPUyZgthjSyPcH2kgJvBMo= +oras.land/oras-go/v2 v2.0.0-rc.2 h1:dks9BxPg6HQOxn5+jVNuTFl45FuYvHfLQ6wcP7hVRdE= +oras.land/oras-go/v2 v2.0.0-rc.2/go.mod h1:IZRIoIJqkAH6x0pL3tVnpyPUyZgthjSyPcH2kgJvBMo= diff --git a/internal/version/version.go b/internal/version/version.go index f80840ecd..bdeeb9222 100644 --- a/internal/version/version.go +++ b/internal/version/version.go 
@@ -2,7 +2,7 @@ package version var ( // Version shows the current notation version, optionally with pre-release. - Version = "v0.7.1-alpha.1" + Version = "v0.10.0-alpha.3" // BuildMetadata stores the build metadata. BuildMetadata = "unreleased" diff --git a/specs/notation-cli.md b/specs/notation-cli.md index 502e052e1..c2ef3ea7e 100644 --- a/specs/notation-cli.md +++ b/specs/notation-cli.md @@ -67,7 +67,12 @@ COMMANDS: help, h Shows a list of commands or help for one command OPTIONS: - --help, -h show help (default: false) + --username value, -u value Username for registry operations [$NOTATION_USERNAME] + --password value, -p value Password for registry operations [$NOTATION_PASSWORD] + --help, -h show help (default: false) + +GLOBAL ARGUMENTS + --plain-http Registry access via plain HTTP (default: false) ``` ## certificate @@ -123,7 +128,12 @@ USAGE: notation list [command options] OPTIONS: - --help, -h show help (default: false) + --username value, -u value Username for registry operations [$NOTATION_USERNAME] + --password value, -p value Password for registry operations [$NOTATION_PASSWORD] + --help, -h show help (default: false) + +GLOBAL ARGUMENTS + --plain-http Registry access via plain HTTP (default: false) ``` ## login @@ -154,6 +164,9 @@ notation login -u -p registry.example.com # Login using $NOTATION_USERNAME $NOTATION_PASSWORD variables notation login registry.example.com + +NOTES +Once login is completed, then -u -p is no longer required for any notation commands against the registry server authenticated. ``` ## plugin 
@@ -185,9 +198,14 @@ USAGE: notation pull [command options] OPTIONS: + --username value, -u value Username for registry operations [$NOTATION_USERNAME] + --password value, -p value Password for registry operations [$NOTATION_PASSWORD] --strict Pull the signature without lookup the manifest (default: false) --output value, -o value Write signature to a specific path --help, -h Show help (default: false) + +GLOBAL ARGUMENTS + --plain-http Registry access via plain HTTP (default: false) ``` ## push @@ -201,8 +219,13 @@ USAGE: notation push [command options] OPTIONS: + --username value, -u value Username for registry operations [$NOTATION_USERNAME] + --password value, -p value Password for registry operations [$NOTATION_PASSWORD] --signature value, -s value, -f value signature files (accepts multiple inputs) --help, -h show help (default: false) + +GLOBAL ARGUMENTS + --plain-http Registry access via plain HTTP (default: false) ``` ## sign @@ -227,7 +250,12 @@ OPTIONS: --push push after successful signing (default: true) --push-reference value different remote to store signature --media-type value specify the media type of the manifest read from file or stdin (default: "application/vnd.docker.distribution.manifest.v2+json") + --username value, -u value Username for registry operations [$NOTATION_USERNAME] + --password value, -p value Password for registry operations [$NOTATION_PASSWORD] --help, -h show help (default: false) + +GLOBAL ARGUMENTS + --plain-http Registry access via plain HTTP (default: false) ``` ## verify 
@@ -247,5 +275,10 @@ OPTIONS: --pull pull remote signatures before verification (default: true) --local, -l reference is a local file (default: false) --media-type value specify the media type of the manifest read from file or stdin (default: "application/vnd.docker.distribution.manifest.v2+json") + --username value, -u value Username for registry operations [$NOTATION_USERNAME] + --password value, -p value Password for registry operations [$NOTATION_PASSWORD] --help, -h show help (default: false) + +GLOBAL ARGUMENTS + --plain-http Registry access via plain HTTP (default: false) ```