Skip to content

securesign/segment-backup-job

72 Branches4 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

JasonPowrJasonPowr
Merge pull request #144 from securesign/Trigger-Konflux-Pipelinesmain
Mar 26, 2025
240c73f Â· Mar 26, 2025

History

232 Commits
.github/workflows
.github/workflows
Aug 22, 2024
.tekton
.tekton
Nov 25, 2024
licenses
licenses
Jun 12, 2024
src
src
Aug 22, 2024
.gitignore
.gitignore
Mar 26, 2024
Dockerfile.segment-backup-job.rh
Dockerfile.segment-backup-job.rh
Mar 24, 2025
README.md
README.md
Nov 15, 2023
ci
ci
Nov 15, 2023
pip_find_builddeps.py
pip_find_builddeps.py
Aug 22, 2024
pyproject.toml
pyproject.toml
Mar 25, 2025
requirements-build.in
requirements-build.in
Mar 25, 2025
requirements-build.txt
requirements-build.txt
Mar 25, 2025
requirements.txt
requirements.txt
Mar 25, 2025
trigger-konflux-builds.txt
trigger-konflux-builds.txt
Mar 26, 2025

Repository files navigation

Development

This is the script I used to automate my builds (OSX only but i guess some linux compatability):

# If https://github.com/securesign/sigstore-ocp/pull/81/files is not merged you will need to create the pull secret, go here: https://console.redhat.com/application-services/trusted-content/artifact-signer and download it
oc create secret generic pull-secret -n sigstore-monitoring --from-file=$HOME/Downloads/pull-secret.json

# was developing and pushing images here to test: https://quay.io/repository/grpereir/segment-backup-job?tab=tags, get the latest tag and set version to be 1 after that

#Example version value
export version=25

export segment_backup_job_repo_path=$(pwd) #if your working from another directory swap this value out
export sigstore_ocp_path="" # Set absolute path to sigstore-ocp, used for automating editing of the values file

# my podman is broken due to QEMU issues (run mv Containerfile Dockerfile once)
podman build $segment_backup_job_repo_path --platform=linux/amd64 -t quay.io/grpereir/segment-backup-job:1.0.$version
podman push quay.io/grpereir/segment-backup-job:1.0.$version #my quay, can swap out with your repo
version=$(( $version + 1));

# LOCAL DEV

podman run -it --rm quay.io/grpereir/segment-backup-job:1.0.$version /bin/bash

#CHART TESTING

code $sigstore_ocp_path/charts/trusted-artifact-signer/values.yaml # replace lines 17 and possibly 16
/usr/bin/open -a "/Applications/Google Chrome.app" 'https://quay.io/repository/grpereir/segment-backup-job?tab=tags' #automated for mac but do this based on your OS
oc delete cronjob segment-backup-job -n sigstore-monitoring; oc delete job segment-backup-job -n sigstore-monitoring #if you have issues with permssions here run this as non-service account oc user
$segment_backup_job_repo_path/tas-easy-install.sh

Testing

This job is meant to run as a service account, run this NOT in the container but logged from your client machine, this will spit out the login command that you should run on the container:

From host logged in:

export secret_name_for_sa=$( oc get sa segment-backup-job -n sigstore-monitoring -o json | jq ".secrets[1].name" | cut -d "\"" -f 2 )

export sa_token=$(oc get secret $secret_name_for_sa -n sigstore-monitoring -o json | jq .metadata.annotations."\"openshift.io/token-secret.value\"" | cut -d "\"" -f 2)
export server=$(oc whoami -t)
echo "oc login --token=$sa_token --server=$server" # spits out the login command for the SA, used in terminal 2

INSIDE the container:

# use the above login command, ex: oc login --token=... --server=...

#Choose a run type to test (installation or nightly)
export RUN_TYPE="installation" 
export RUN_TYPE="nightly"

#Verify you are the service account
oc whoami

#Run script as entrypoint
/opt/app-root/src/script.sh

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

7 forks
Report repository

Releases 2

Release v1.1.0 Latest
Nov 29, 2024
+ 1 release

Packages

No packages published

Contributors 7

Languages