Skip to content

Commit 243f27e

Browse files
cert-manager-prow[bot]cert-manager-prow[bot]
authored
Merge pull request #194 from SgtCoDFish/sleep-and-sign
Add additional sleeps in container steps + sign images individually
2 parents e3cbe51 + 08c2514 commit 243f27e

File tree

1 file changed

+20
-7
lines changed

1 file changed

+20
-7
lines changed

cmd/cmrel/cmd/gcb_publish.go

Lines changed: 20 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -488,6 +488,8 @@ func pushGitHubRelease(ctx context.Context, o *gcbPublishOptions, rel *release.U
488488
return nil
489489
}
490490

491+
const registryWaitTime = time.Second * 2
492+
491493
func pushContainerImages(ctx context.Context, o *gcbPublishOptions, rel *release.Unpacked) error {
492494
log.Printf("Pushing arch-specific docker images")
493495

@@ -518,8 +520,9 @@ func pushContainerImages(ctx context.Context, o *gcbPublishOptions, rel *release
518520

519521
log.Printf("Pushed release image %q", imageTag)
520522
pushedContent = append(pushedContent, imageTag)
521-
// Wait 2 seconds to avoid being rate limited by the registry.
522-
time.Sleep(time.Second * 2)
523+
524+
// Wait to avoid being rate limited by the registry
525+
time.Sleep(registryWaitTime)
523526
}
524527
}
525528

@@ -534,6 +537,7 @@ func pushContainerImages(ctx context.Context, o *gcbPublishOptions, rel *release
534537
if err := registry.CreateManifestList(ctx, manifestListName, tars); err != nil {
535538
return err
536539
}
540+
537541
builtManifestLists = append(builtManifestLists, manifestListName)
538542
}
539543

@@ -546,6 +550,9 @@ func pushContainerImages(ctx context.Context, o *gcbPublishOptions, rel *release
546550

547551
pushedContent = append(pushedContent, manifestListName)
548552
log.Printf("Pushed multi-arch manifest list %q", manifestListName)
553+
554+
// Wait to avoid being rate limited by the registry
555+
time.Sleep(registryWaitTime)
549556
}
550557

551558
if err := signRegistryContent(ctx, o, pushedContent); err != nil {
@@ -555,24 +562,30 @@ func pushContainerImages(ctx context.Context, o *gcbPublishOptions, rel *release
555562
return nil
556563
}
557564

558-
func signRegistryContent(ctx context.Context, o *gcbPublishOptions, contentToSign []string) error {
565+
func signRegistryContent(ctx context.Context, o *gcbPublishOptions, allContentToSign []string) error {
559566
if o.SkipSigning {
560567
log.Println("Skipping signing container images / manifest lists as skip-signing is set")
561568
return nil
562569
}
563570

564-
log.Printf("Signing container images")
571+
log.Println("Signing container images")
565572

566573
parsedKey, err := sign.NewGCPKMSKey(o.SigningKMSKey)
567574
if err != nil {
568575
return err
569576
}
570577

571-
if err := cosign.Sign(ctx, o.CosignPath, contentToSign, parsedKey); err != nil {
572-
return fmt.Errorf("failed to sign all container images / manifest lists: %w", err)
578+
for _, toSign := range allContentToSign {
579+
log.Printf("Signing %q", toSign)
580+
if err := cosign.Sign(ctx, o.CosignPath, []string{toSign}, parsedKey); err != nil {
581+
return fmt.Errorf("failed to sign container image / manifest list %q: %w", toSign, err)
582+
}
583+
584+
// Wait to avoid being rate limited by the registry
585+
time.Sleep(registryWaitTime)
573586
}
574587

575-
log.Printf("Signed container images / manifest lists: %s", strings.Join(contentToSign, ", "))
588+
log.Printf("Finished signing: %s", strings.Join(allContentToSign, ", "))
576589

577590
return nil
578591
}

0 commit comments

Comments
 (0)