Jason Hall imjasonh

imjasonh / gist:c31d36a3217111c1a6ce6ec9f36de6ff
Last active December 14, 2021 18:00
ko v0.10 release notes draft
Cosmetic change: ko build
- aligns with go build, pack build, docker build
- ko publish will keep working forever
KOCACHE
- ko will cache recently built binaries in $KOCACHE, if set, along with some metadata that can avoid rebuilds and layer pushes when code hasn't changed.
- no-op build takes 3s
Improved SBOMs
- ko build automatically uploads SBOMs in SPDX format
imjasonh / .ko.yaml
Last active December 3, 2021 23:17
Reproducing multi-arch Go build performance in `docker buildx` vs `ko`
defaultBaseImage: gcr.io/imjasonh/combined
imjasonh / gha-fuclio.sh
Created November 24, 2021 13:56
Script to find and alert on fulcios in GitHub Actions
#!/usr/bin/env bash
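# Split git grep output on newlines only, so each match ("file:line:text") stays one item.
IFS=$'\n'
for l in $(git grep -in fuclio); do
  fn=$(echo "$l" | cut -d: -f1)
  ln=$(echo "$l" | cut -d: -f2)
  # Emit a GitHub Actions error annotation at the matching file and line.
  echo "::error file=$fn,line=$ln::Typo: Fulcio"
done
if [[ ! -z $l ]]; then
  echo "found a fuclio"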
imjasonh / multiarch-pipeline.yaml
Created October 21, 2021 14:29
Sketch/example pipeline to assemble a multi-arch manifest list based on arch-specific builds in a heterogeneous-arch cluster
# This Task runs a `docker build` on a specified node architecture.
# TODO:
# - mount source incl Dockerfile
# - mount a Docker daemon
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: build
spec:
imjasonh / 1 - sign multiple times
Last active October 28, 2021 05:25
demo signing images multiple times with cosign
# Generate a keypair
$ cosign generate-key-pair
Enter password for private key:
Enter again:
Private key written to cosign.key
Public key written to cosign.pub
# Use it to sign an image
$ cosign sign -key=cosign.key gcr.io/imjasonh/ubuntu
Enter password for private key:
$ go run ./ deps $IMAGE --spdx
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: github.com/google/ko
DocumentNamespace: http://spdx.org/spdxpackages/github.com/google/ko-999a6226-9c5c-4f6d-a09f-2bb7dde5dab3
Creator: Tool: ko (devel)
Created: 2021-09-28T16:00:41Z
// +build e2e,windows_e2e
/*
Copyright 2021 The Tekton Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
imjasonh / main.go
Last active October 28, 2021 05:26
package main
import (
	"encoding/json"
	"fmt"
	"log"
	"os"

	"github.com/google/go-containerregistry/pkg/authn"
	"github.com/google/go-containerregistry/pkg/name"
imjasonh / test.sh
Last active October 28, 2021 05:27
crane append + mutate
docker run --rm $(
  go run ./cmd/crane mutate $(
    go run ./cmd/crane/ append -b busybox -f <(tar -f - -c hello.sh) -t gcr.io/kontaindotme/appended \
  ) --entrypoint=/hello.sh --new_ref=gcr.io/kontaindotme/mutated \
)
2021/04/16 10:44:33 No matching credentials were found for "index.docker.io/library/busybox", falling back on anonymous
2021/04/16 10:44:35 existing blob: sha256:f531cdc67389c92deac44e019e7a1b6fba90d1aaa58ae3e8192f0e0eed747152
2021/04/16 10:44:37 pushed blob: sha256:078105f9432ce9585d7f6b76a2bd0aed14b1bae9dec29ed679a6b5576cb89664
2021/04/16 10:44:37 existing blob: sha256:d6a3237b5852e9da63a291612928da68d814897550b15e9e0ca77934a8672792
2021/04/16 10:44:38 gcr.io/kontaindotme/appended: digest: sha256:a58979bf3493cbc9acea0541190c5621853bc57b4683970d847ba23ab3b660e4 size: 586