notaryproject / notation-action

GitHub Actions for signing and verifying artifacts with Notation

Home Page: https://notaryproject.dev/

Create a GitHub Actions for Notation and publish it to Marketplace

FeynmanZhou opened this issue · comments

What is the area you would like to add the new feature to?

Notation CLI

Is your feature request related to a problem?

No. This is a new request.

What solution do you propose?

Notation is commonly used in CI/CD pipelines and workflows like GitHub Actions workflows. It would be easier for users to introduce and set up Notation in their GitHub CI/CD workflows if there were a GitHub Action showcased on GitHub Marketplace. I believe it will increase adoption.

What alternatives have you considered?

None

Any additional context?

For the first step, I think we should create a new repo and only deliver Notation Setup as a single GH Action. The GH Actions for signing and verifying are not considered in the first version since it's not easy to define who should generate the private key for signing and where to store this key securely. So people can write Notation CLI commands in GH Actions.

@vaninrao10 @yizha1 as per our discussion @duffney is interested in contributing to the development of a GHA for Notary. I would propose having a separate subproject and repo for that work. Let's use this issue to agree on the approach.

Thank you @toddysm and @duffney . We can also bring this to next Monday's community call for consensus.

Thank you for the mention @toddysm! I worked closely with @dtzar to develop the set_notation to make it easier to add digital signing to GitHub workflows and would love to contribute to this open request. @FeynmanZhou I'll be sure to attend Monday's community call to answer any questions that might come up.

@toddysm, @vaninrao10 - What are the criteria for adding a new subproject? Do we need a roadmap repo item for this, to align on which Notary v2 release we should start officially supporting this? It seems this is under development, and will not be ready for use in RC-2. Am I correct?

@duffney - Thank you for your effort. Happy to see you building workflows to make it easy for CI/CD workflows. Would like to see an example for a verification option as well (if not there already).

Great feedback @iamsamirzon, I'll add that to the sign action issues. :)

@iamsamirzon We should have a governance process for creating a subproject. I can work on that, but as a lightweight approach for now, let's at least create a new issue on the roadmap and vote on it.

Closing this issue as we have released the GitHub Actions to Marketplace.