use release cosign key only when releasing (#331)

Signed-off-by: Fabian Kammel <fk@edgeless.systems>
This commit is contained in:
Fabian Kammel 2022-10-20 15:59:17 +02:00 committed by GitHub
parent 085f7b1a2a
commit 21436e6592
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 15 deletions

View File

@ -58,9 +58,9 @@ jobs:
azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }}
coreosImage: ${{ github.event.inputs.coreosImage }}
isDebugImage: ${{ github.event.inputs.isDebugImage }}
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
awsAccessKeyID: ${{ secrets.AWS_ACCESS_KEY_ID }}
awsSecretAccessKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
awsDefaultRegion: ${{ secrets.AWS_DEFAULT_REGION }}

View File

@ -22,9 +22,9 @@ jobs:
targetOS: linux
targetArch: amd64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
- name: Build cli-linux-arm64
uses: ./.github/actions/build_cli
@ -32,9 +32,9 @@ jobs:
targetOS: linux
targetArch: arm64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
- name: Build cli-darwin-amd64
uses: ./.github/actions/build_cli
@ -42,9 +42,9 @@ jobs:
targetOS: darwin
targetArch: amd64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
- name: Build cli-darwin-arm64
uses: ./.github/actions/build_cli
@ -52,9 +52,9 @@ jobs:
targetOS: darwin
targetArch: arm64
enterpriseCLI: true
cosignPublicKey: ${{ secrets.COSIGN_PUBLIC_KEY }}
cosignPrivateKey: ${{ secrets.COSIGN_PRIVATE_KEY }}
cosignPassword: ${{ secrets.COSIGN_PASSWORD }}
cosignPublicKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
- name: Login to Azure
uses: ./.github/actions/azure_login