From c0b72dd50133aa3e637220f51a2f0d4d007d3563 Mon Sep 17 00:00:00 2001 From: Carlo Cabrera <30379873+carlocab@users.noreply.github.com> Date: Tue, 20 Aug 2024 01:26:27 +0800 Subject: [PATCH] Revert "feat: add attestation to installer" --- .github/workflows/docker.yml | 4 ---- .github/workflows/pkg-installer.yml | 9 --------- .github/workflows/tests.yml | 28 ++++++---------------------- 3 files changed, 6 insertions(+), 35 deletions(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index e49cea599d..fae55e6d56 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -23,10 +23,6 @@ jobs: fail-fast: false matrix: version: ["18.04", "20.04", "22.04", "24.04"] - permissions: - contents: read # for code access - attestations: write # for actions/attest-build-provenance - id-token: write # for actions/attest-build-provenance steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 diff --git a/.github/workflows/pkg-installer.yml b/.github/workflows/pkg-installer.yml index 5b0df5dadc..3159df5594 100644 --- a/.github/workflows/pkg-installer.yml +++ b/.github/workflows/pkg-installer.yml @@ -19,10 +19,6 @@ jobs: build: if: github.repository_owner == 'Homebrew' && github.actor != 'dependabot[bot]' runs-on: macos-latest - permissions: - contents: read # for code access - attestations: write # for actions/attest-build-provenance - id-token: write # for actions/attest-build-provenance outputs: installer_path: "Homebrew-${{ steps.homebrew-version.outputs.version }}.pkg" env: @@ -123,11 +119,6 @@ jobs: security delete-keychain "${RUNNER_TEMP}/${TEMPORARY_KEYCHAIN_FILE}" fi - - name: Generate build provenance - uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 - with: - subject-path: Homebrew-${{ steps.homebrew-version.outputs.version }}.pkg - - name: Upload installer to GitHub Actions uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4 with: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 93c873c709..79d48a7700 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -239,30 +239,14 @@ jobs: - name: Deploy the Docker image to GitHub Packages and Docker Hub if: github.ref == 'refs/heads/master' run: | - echo ${{ secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN }} | + echo ${{secrets.HOMEBREW_BREW_GITHUB_PACKAGES_TOKEN}} | docker login ghcr.io -u BrewTestBot --password-stdin - docker tag brew "ghcr.io/homebrew/ubuntu22.04:${{ github.ref_name }}" - docker push "ghcr.io/homebrew/ubuntu22.04:${{ github.ref_name }}" - echo ${{ secrets.HOMEBREW_BREW_DOCKER_TOKEN }} | + docker tag brew "ghcr.io/homebrew/ubuntu22.04:master" + docker push "ghcr.io/homebrew/ubuntu22.04:master" + echo ${{secrets.HOMEBREW_BREW_DOCKER_TOKEN}} | docker login -u brewtestbot --password-stdin - docker tag brew "homebrew/ubuntu22.04:${{ github.ref_name }}" - docker push "homebrew/ubuntu22.04:${{ github.ref_name }}" - - - name: Generate Docker image digest - if: github.ref == 'refs/heads/master' - id: digest - run: | - digest="$(docker image inspect --format='{{.Digest}}' brew)" - echo "digest=$digest" >> "$GITHUB_OUTPUT" - - - name: Generate Docker image build provenance - uses: actions/attest-build-provenance@5e9cb68e95676991667494a6a4e59b8a2f13e1d0 # v1.3.3 - if: github.ref == 'refs/heads/master' - id: attest - with: - push-to-registry: true - subject-digest: ${{ steps.digest.outputs.digest }} - subject-name: ghcr.io/homebrew/ubuntu22.04:${{ github.ref_name }} + docker tag brew "homebrew/ubuntu22.04:master" + docker push "homebrew/ubuntu22.04:master" update-test: name: ${{ matrix.name }}