Closed jku closed 4 months ago
See https://github.com/sigstore/root-signing/blob/main/.github/workflows/sync-main-to-staging.yml
The main logical change is that the git repository now only contains the current metadata versions. This means that if the publishing mechanism wants to both delete old metadata and artifacts but also ensure old metadata & artifacts are available for clients to use for a period of time, it needs to manage that. In practice there should be no pressing need for a sigstore repository to delete old metadata & artifacts: there will only be small amount of new files per year in normal operation.
The technical changes are listed below:
gcloud auth login
: I don't know what the purpose wascreate_credentials_file: true
from google-github-actions/auth: this is the default@haydentherapper feel free to have a look already, I think this should be finished (but let's not merge yet).
Two obvious feature requests:
Rebased on main.
I'm marking this ready:
Fixes #7
This uploads the repository to GCS and invalidates the CDN cache.
GCP configuration is mostly hard coded, only service account details are inputs: