Skip to content
Snippets Groups Projects
Normal view Permalink
Earthfile 1.51 KiB
Newer Older
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
1 2 3 4 5 6 
VERSION 0.7

MIRROR:
    COMMAND
    ARG image
    FROM ${image}
Sheogorath's avatar
ci(mirror): Add OCI labels to mirror images  
Sheogorath committed
7 
    DO ../.utils/+LABEL --image=mirror --version=main
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
8 9 
    SAVE IMAGE --cache-hint
Sheogorath's avatar
feat(cowsay): Add distroless cowsay image  
Sheogorath committed
10 
distroless-base:
Botaniker (Bot)'s avatar
chore(deps): update gcr.io/distroless/base-debian12:nonroot docker digest to d69ec73  
Botaniker (Bot) committed
11 
    DO +MIRROR --image=gcr.io/distroless/base-debian12:nonroot@sha256:d69ec7321e2c43f2ab8fd243c815f80e26b7a54300910e2b221b2f013e07e0ff
Sheogorath's avatar
feat(cowsay): Add distroless cowsay image  
Sheogorath committed
12
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
13 
distroless-static-debug:
Botaniker (Bot)'s avatar
chore(deps): update gcr.io/distroless/static:debug-nonroot docker digest to 44bf51d  
Botaniker (Bot) committed
14 
    DO +MIRROR --image=gcr.io/distroless/static:debug-nonroot@sha256:44bf51d5b2bb7f09d1fda9322b2db6cd138d78ad1b1496c6f143c9a7d5245d50
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
15 16 

distroless-static:
Botaniker (Bot)'s avatar
chore(deps): update gcr.io/distroless/static:nonroot docker digest to efea8b5  
Botaniker (Bot) committed
17 
    DO +MIRROR --image=gcr.io/distroless/static:nonroot@sha256:efea8b525e9deefb309c6ed41b8e69c85d901e0da30658e476e9f176f88c1b36
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
18 19 

golang:
Botaniker (Bot)'s avatar
chore(deps): update docker.io/library/golang docker tag to v1.22.0  
Botaniker (Bot) committed
20 
    DO +MIRROR --image=docker.io/library/golang:1.22.0-bookworm
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
21 22 

alpine:
Botaniker (Bot)'s avatar
chore(deps): update docker.io/library/alpine docker tag to v3.19.1  
Botaniker (Bot) committed
23 
    DO +MIRROR --image=docker.io/library/alpine:3.19.1
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
24 25 

trivy:
Botaniker (Bot)'s avatar
chore(deps): update docker.io/aquasec/trivy docker tag to v0.49.1  
Botaniker (Bot) committed
26 
    DO +MIRROR --image=docker.io/aquasec/trivy:0.49.1
Sheogorath's avatar
ci(earthly): Provide current version
Sheogorath committed
27 28 

fedora:
Botaniker (Bot)'s avatar
chore(deps): update quay.io/fedora/fedora:39 docker digest to 490a2eb  
Botaniker (Bot) committed
29 
    DO +MIRROR --image=quay.io/fedora/fedora:39@sha256:490a2eb8c9ae75eb4f1cef7cd6bcd73c3fcc00e1a4822d3be592ff917b1353cf
Sheogorath's avatar
ci: Use pinned images for mirrors  
Sheogorath committed
30
Sheogorath's avatar
ci(earthly): Add simply target to verify distroless images  
Sheogorath committed
31 
cosign:
Botaniker (Bot)'s avatar
chore(deps): update gcr.io/projectsigstore/cosign docker tag to v2.2.3  
Botaniker (Bot) committed
32 
    DO +MIRROR --image=gcr.io/projectsigstore/cosign:v2.2.3
Sheogorath's avatar
ci(earthly): Add simply target to verify distroless images  
Sheogorath committed
33 34 35 36 37 38 39 40 41 
    SAVE ARTIFACT /ko-app/cosign ./cosign

# verify-distroless allows to use cosign to verify all mirrored distroless images against Google's build identity
verify-distroless:
    FROM +fedora
    COPY +cosign/cosign /usr/local/bin/cosign
    COPY ./Earthfile ./
    RUN cat ./Earthfile | grep 'DO +MIRROR --image=gcr.io/distroless/' | grep -Po 'gcr.io/distroless/[a-z0-9-.@/:]+' | xargs /usr/local/bin/cosign verify --certificate-oidc-issuer https://accounts.google.com  --certificate-identity keyless@distroless.iam.gserviceaccount.com