Switch 'sigstore-probe' to copy the prober from the image rather than rebuilding every execution #130
Conversation
|
Successful execution, will fix DCO: https://github.com/evankanderson/sigstore-probers/actions/runs/6697424637/job/18197276780 |
… rebuilding every execution Signed-off-by: Evan Anderson <[email protected]>
evankanderson
force-pushed
the
image-probe
branch
from
14393e6
to
4fe000c
Compare
|
@bobcallaway should approve / merge this if he wants it this week. |
|
why not just bake crane into the image? |
|
We're currently building the prober image with I was trying to avoid adding a lot of new machinery (build new image with go / make / etc) in order to replace the existing images which we already have built and released. I can look at building an image for these, but the |
|
|
| crane export $PROBE_IMAGE - | tar -xf - -C /tmp /ko-app/prober | ||
| cp /tmp/ko-app/prober /usr/local/bin | ||
| env: | ||
| PROBE_IMAGE: ghcr.io/sigstore/scaffolding/prober:v0.6.9@sha256:1b745626f5603698442ed55f4bdeb1a86f2192b603ccc3343750a3b70304ff94 |
There was a problem hiding this comment.
should this also be listed in a fake Dockerfile (and extracted here) so that Dependabot will see it and flag updates for it?
|
Is this still relevant? |
Summary
Start work on #94. We currently see a fair amount of build flakiness (failed to fetch go library X) in the GitHub sigstore probes. By reducing this to two fetches (crane and the OCI image), we should hopefully see less flakiness.
Or I screwed everything up, and one probe will alert and we'll roll this back before trying again. (I'll try to get this running in my fork as well, but I wanted to offer this for review since I'd been sitting on it half-done for a while.)
Release Note
sigstore-probeprobes in staging and production.Documentation
No documentation needed.