From be62dc6bc73adda4d86ed36e870ee7514214e8e4 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 22:53:19 +0900 Subject: [PATCH 01/11] poc aqua#4318 --- .github/workflows/test.yaml | 40 +++++++-- aqua-checksums.json | 144 -------------------------------- aqua.yaml | 14 ---- aqua/actionlint.yaml | 2 - aqua/aqua.yaml | 11 +++ aqua/ghalint.yaml | 2 - aqua/ghcp.yaml | 2 - aqua/imports/cosign.yaml | 2 + aqua/imports/gh.yaml | 2 + aqua/imports/minisign.yaml | 2 + aqua/imports/slsa-verifier.yaml | 2 + aqua/nllint.yaml | 2 - aqua/reviewdog.yaml | 2 - 13 files changed, 52 insertions(+), 175 deletions(-) delete mode 100644 aqua-checksums.json delete mode 100644 aqua.yaml delete mode 100644 aqua/actionlint.yaml create mode 100644 aqua/aqua.yaml delete mode 100644 aqua/ghalint.yaml delete mode 100644 aqua/ghcp.yaml create mode 100644 aqua/imports/cosign.yaml create mode 100644 aqua/imports/gh.yaml create mode 100644 aqua/imports/minisign.yaml create mode 100644 aqua/imports/slsa-verifier.yaml delete mode 100644 aqua/nllint.yaml delete mode 100644 aqua/reviewdog.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 722c4dce..d8101225 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,13 +1,39 @@ --- name: test -on: - push: - tags: - - v* +on: pull_request jobs: + prepare: + runs-on: ubuntu-24.04 + permissions: {} + timeout-minutes: 10 + steps: + - uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta + with: + persist-credentials: false + - uses: aquaproj/aqua-installer@11dd79b4e498d471a9385aa9fb7f62bb5f52a73c # v4.0.4 + with: + aqua_version: v2.55.3 + aqua_opts: "" + - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: aqua + path: ~/.local/share/aquaproj-aqua + include-hidden-files: true + test: runs-on: ubuntu-24.04 + needs: prepare + permissions: {} + timeout-minutes: 10 + env: + AQUA_LOG_LEVEL: debug + AQUA_LOG_COLOR: always steps: - - run: echo "$PAYLOAD" - env: - PAYLOAD: ${{ toJson(github.event) }} + - uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta + with: + persist-credentials: false + - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + with: + name: aqua + path: ~/.local/share/aquaproj-aqua + - run: cosign version diff --git a/aqua-checksums.json b/aqua-checksums.json deleted file mode 100644 index 9f54ddb4..00000000 --- a/aqua-checksums.json +++ /dev/null @@ -1,144 +0,0 @@ -{ - "checksums": [ - { - "id": "github_release/github.com/int128/ghcp/v1.13.2/ghcp_darwin_amd64.zip", - "checksum": "8221F411AC4F2465B7CFD31EFB6DA4568E5FD20BAD9F66AC312B23AFA4520FDD", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/int128/ghcp/v1.13.2/ghcp_linux_amd64.zip", - "checksum": "6B9D9C9A7B834237B6579353477DF3BB3730C11788170AD2A9E5D1230ABC6216", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/int128/ghcp/v1.13.2/ghcp_windows_amd64.zip", - "checksum": "2297D27978C61272184589C3C521514291E6258C3C87EBCB16FB61B32663414E", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/reviewdog/reviewdog/v0.15.0/reviewdog_0.15.0_Darwin_arm64.tar.gz", - "checksum": "DB5FE19D29346C23D7468B6A1ACEBBF9C369C805AE8CB97159881BFAADFECB5A", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/reviewdog/reviewdog/v0.15.0/reviewdog_0.15.0_Darwin_x86_64.tar.gz", - "checksum": "361F3513252D5F64C822CFAC273A7F9AC9C4DCC1D38FAD7974100070A09CFC7B", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/reviewdog/reviewdog/v0.15.0/reviewdog_0.15.0_Linux_arm64.tar.gz", - "checksum": "E8BC967EE94390E2ACA889E1B8622AD598CD15D5B5B67C4B42AC8EA2EDE6B5BD", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/reviewdog/reviewdog/v0.15.0/reviewdog_0.15.0_Linux_x86_64.tar.gz", - "checksum": "736DEC2BDECE94F5A17DBB67A3CC6CA6279ABA614C2AFCAD466E824452E53305", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/reviewdog/reviewdog/v0.15.0/reviewdog_0.15.0_Windows_arm64.tar.gz", - "checksum": "ACFFCA88DE97D85F9CF7A84C2CADAE42C3F886AA4A51D956CF39FA3E97DA1739", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/reviewdog/reviewdog/v0.15.0/reviewdog_0.15.0_Windows_x86_64.tar.gz", - "checksum": "64745567CDA57D1138D6185E1CE6C3FFC615AC4DC385F6CB89ECA82F2FDB2A43", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/rhysd/actionlint/v1.6.26/actionlint_1.6.26_darwin_amd64.tar.gz", - "checksum": "BFA890E77A8508603C785AF09A30BBAB3A3255D291D8D27EFC3F20AC8E303A8E", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/rhysd/actionlint/v1.6.26/actionlint_1.6.26_darwin_arm64.tar.gz", - "checksum": "5E131AB7DE7AD051E1923B80D167AAA414734E97C720698C48778250E1DD2590", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/rhysd/actionlint/v1.6.26/actionlint_1.6.26_linux_amd64.tar.gz", - "checksum": "F0294C342AF98FAD4FF917BC32032F28E1B55F76AEDF291886EC10BBED7C12E1", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/rhysd/actionlint/v1.6.26/actionlint_1.6.26_linux_arm64.tar.gz", - "checksum": "A1056D85D614AF4F6E5517ED2911DAB2621B8E97C368C8B265328F9C22801648", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/rhysd/actionlint/v1.6.26/actionlint_1.6.26_windows_amd64.zip", - "checksum": "8E31F6D623CDC3C12D2236E1E444FAA191126434A2007F4D2BECC0D0D416469B", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/rhysd/actionlint/v1.6.26/actionlint_1.6.26_windows_arm64.zip", - "checksum": "2545EEA6E1F02A24619514F50DCCE7543B8C0028B50E3EFBCEC3DC79E16AE5EA", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/ghalint/v0.2.4/ghalint_0.2.4_darwin_amd64.tar.gz", - "checksum": "F782902B3248FCD2FA6A79D0110F76E855A52AEAC968927FD35F93BE5AF7D3F0", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/ghalint/v0.2.4/ghalint_0.2.4_darwin_arm64.tar.gz", - "checksum": "CB916BE510A8A51117C05BB9F360CA99F003F0DF17F48ADBC17AC6686C59368E", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/ghalint/v0.2.4/ghalint_0.2.4_linux_amd64.tar.gz", - "checksum": "F133EE5957464CB1F9AB9407BE5A2FDB44E494FAA8CF6937D1FE2A2BD62D151F", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/ghalint/v0.2.4/ghalint_0.2.4_linux_arm64.tar.gz", - "checksum": "BA173F416BD88C71131D841C66CC60C458E44B595E997A4FEC2B72297DD9CC9E", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/ghalint/v0.2.4/ghalint_0.2.4_windows_amd64.tar.gz", - "checksum": "49E9290C9E9D6AFC8EB9D2440562AB94308E93A7945EC9CE98289D75291747E1", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/ghalint/v0.2.4/ghalint_0.2.4_windows_arm64.tar.gz", - "checksum": "6F07E67FBAC1599B6AA6F2D2DF3F5E1C74F6E6A1EBDCD9EA8E86D329EFD72F61", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/nllint/v0.1.0/nllint_darwin_amd64.tar.gz", - "checksum": "C576EC52A5777255C074B0C20CDCD83060E4E502BC1FEA05EE8B149B35A0867F", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/nllint/v0.1.0/nllint_darwin_arm64.tar.gz", - "checksum": "336ACCC20169D49EBA7DDBCF030758BE2DC6655BC3EC2F2AC03DE833CE35492E", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/nllint/v0.1.0/nllint_linux_amd64.tar.gz", - "checksum": "8AB2CB63A60CCD8FDC9E0F71B7FD2D9B7374054DEA5F8AE63DD2E3E7D233686D", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/nllint/v0.1.0/nllint_linux_arm64.tar.gz", - "checksum": "F51B84DCA69C8AECD992C606D23F735EC37BE692CEF2E895270B8E72B84183C4", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/nllint/v0.1.0/nllint_windows_amd64.zip", - "checksum": "F603D6EDD76AB44C1C710A2B1E50905D444C9EFFA848BFB537CA4A1ABD93A20D", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/suzuki-shunsuke/nllint/v0.1.0/nllint_windows_arm64.zip", - "checksum": "4AEB83825367044C345128D34E38470AB53BED2D76491FB6F8A6737EC619DB90", - "algorithm": "sha256" - }, - { - "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.92.2/registry.yaml", - "checksum": "3DE8A454E1D3FFC37112534057FD39F78E2F2C15ED048AF14F7340BB6D4DEFF52D6C3368DC7CD3CA27B8E7EAC3ED42042EEF299CC825B1929993EFB8195C4E0E", - "algorithm": "sha512" - } - ] -} diff --git a/aqua.yaml b/aqua.yaml deleted file mode 100644 index 0eded949..00000000 --- a/aqua.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# aqua - Declarative CLI Version Manager -# https://aquaproj.github.io/ -checksum: - # Enable Checksum Verification - # https://aquaproj.github.io/docs/tutorial-extras/checksum/ - enabled: true - require_checksum: true -registries: - - type: standard - ref: v4.92.2 # renovate: depName=aquaproj/aqua-registry -packages: - # Split packages per package with `import` to avoid pull requests' conflict - - import: aqua/*.yaml diff --git a/aqua/actionlint.yaml b/aqua/actionlint.yaml deleted file mode 100644 index b6dde9d0..00000000 --- a/aqua/actionlint.yaml +++ /dev/null @@ -1,2 +0,0 @@ -packages: - - name: rhysd/actionlint@v1.6.26 diff --git a/aqua/aqua.yaml b/aqua/aqua.yaml new file mode 100644 index 00000000..ba352f42 --- /dev/null +++ b/aqua/aqua.yaml @@ -0,0 +1,11 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/aquaproj/aqua/main/json-schema/aqua-yaml.json +# aqua - Declarative CLI Version Manager +# https://aquaproj.github.io/ +checksum: + enabled: true + require_checksum: true +registries: +- type: standard + ref: v4.434.0 # renovate: depName=aquaproj/aqua-registry +import_dir: imports diff --git a/aqua/ghalint.yaml b/aqua/ghalint.yaml deleted file mode 100644 index 70e342b2..00000000 --- a/aqua/ghalint.yaml +++ /dev/null @@ -1,2 +0,0 @@ -packages: - - name: suzuki-shunsuke/ghalint@v0.2.4 diff --git a/aqua/ghcp.yaml b/aqua/ghcp.yaml deleted file mode 100644 index 1773e1f1..00000000 --- a/aqua/ghcp.yaml +++ /dev/null @@ -1,2 +0,0 @@ -packages: - - name: int128/ghcp@v1.13.2 diff --git a/aqua/imports/cosign.yaml b/aqua/imports/cosign.yaml new file mode 100644 index 00000000..337d7f75 --- /dev/null +++ b/aqua/imports/cosign.yaml @@ -0,0 +1,2 @@ +packages: + - name: sigstore/cosign@v3.0.2 diff --git a/aqua/imports/gh.yaml b/aqua/imports/gh.yaml new file mode 100644 index 00000000..f910b0d5 --- /dev/null +++ b/aqua/imports/gh.yaml @@ -0,0 +1,2 @@ +packages: + - name: cli/cli@v2.83.0 diff --git a/aqua/imports/minisign.yaml b/aqua/imports/minisign.yaml new file mode 100644 index 00000000..ecc55536 --- /dev/null +++ b/aqua/imports/minisign.yaml @@ -0,0 +1,2 @@ +packages: + - name: jedisct1/minisign@0.12 diff --git a/aqua/imports/slsa-verifier.yaml b/aqua/imports/slsa-verifier.yaml new file mode 100644 index 00000000..063e9b5f --- /dev/null +++ b/aqua/imports/slsa-verifier.yaml @@ -0,0 +1,2 @@ +packages: + - name: slsa-framework/slsa-verifier@v2.7.1 diff --git a/aqua/nllint.yaml b/aqua/nllint.yaml deleted file mode 100644 index 5add7daa..00000000 --- a/aqua/nllint.yaml +++ /dev/null @@ -1,2 +0,0 @@ -packages: - - name: suzuki-shunsuke/nllint@v0.1.0 diff --git a/aqua/reviewdog.yaml b/aqua/reviewdog.yaml deleted file mode 100644 index eb43d9ea..00000000 --- a/aqua/reviewdog.yaml +++ /dev/null @@ -1,2 +0,0 @@ -packages: - - name: reviewdog/reviewdog@v0.15.0 From 50f1550dda948ba3b9be10c023d71b96e2f07e4c Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 22:56:09 +0900 Subject: [PATCH 02/11] fix aqua version --- .github/workflows/test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index d8101225..b61ce647 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -12,7 +12,7 @@ jobs: persist-credentials: false - uses: aquaproj/aqua-installer@11dd79b4e498d471a9385aa9fb7f62bb5f52a73c # v4.0.4 with: - aqua_version: v2.55.3 + aqua_version: v2.55.1 aqua_opts: "" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: From 38ecede723354825fe24a525deb681bed8b5aa07 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 23:05:44 +0900 Subject: [PATCH 03/11] fix --- aqua/aqua-checksums.json | 124 ++++++++++++++++++++++++++++++++ aqua/imports/cosign.yaml | 3 +- aqua/imports/gh.yaml | 3 +- aqua/imports/minisign.yaml | 5 +- aqua/imports/slsa-verifier.yaml | 3 +- 5 files changed, 134 insertions(+), 4 deletions(-) create mode 100644 aqua/aqua-checksums.json diff --git a/aqua/aqua-checksums.json b/aqua/aqua-checksums.json new file mode 100644 index 00000000..a24ddb37 --- /dev/null +++ b/aqua/aqua-checksums.json @@ -0,0 +1,124 @@ +{ + "checksums": [ + { + "id": "github_release/github.com/cli/cli/v2.82.1/gh_2.82.1_linux_amd64.tar.gz", + "checksum": "AFADA88676DFCCEA384E6CC28AE990B3E31BBC55F9D75C4697F902C757FA462B", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/cli/cli/v2.82.1/gh_2.82.1_linux_arm64.tar.gz", + "checksum": "80B467DAABEABF4379B5B7138F4B8B47F56670CC615AB288361A602CE413D8BF", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/cli/cli/v2.82.1/gh_2.82.1_macOS_amd64.zip", + "checksum": "83499EDD5830F345E01E187E4593A46919BD7440B43C5AABE2442AE918CAD9F1", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/cli/cli/v2.82.1/gh_2.82.1_macOS_arm64.zip", + "checksum": "8CF015D101A5A43BBF662155D47BA6242BD1A1630C814E764254EFA86E448BA7", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/cli/cli/v2.82.1/gh_2.82.1_windows_amd64.zip", + "checksum": "17BB2A19D25887CEBD3B0EE2D3A3FDF56791EB0DF15CF34B068FAC56212F690B", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/cli/cli/v2.82.1/gh_2.82.1_windows_arm64.zip", + "checksum": "9922588AC432F2A25E9FFECACD3A31B9E7B1F093B3B5F9E8AFE89879EF25E2C0", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/jedisct1/minisign/0.11/minisign-0.11-linux.tar.gz", + "checksum": "F0A0954413DF8531BEFED169E447A66DA6868D79052ED7E892E50A4291AF7AE0", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/jedisct1/minisign/0.11/minisign-0.11-macos.zip", + "checksum": "E7C410AE8B8960D7087392472B040BDA9B2F307C76DF0384AC37F9AD103FC893", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/jedisct1/minisign/0.11/minisign-0.11-win64.zip", + "checksum": "B9C31C2C3034F81F0E5F5D92CBCC20E67A9671B6E5455661588638848DC58031", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/jedisct1/minisign/0.12/minisign-0.12-linux.tar.gz", + "checksum": "9A599B48BA6EB7B1E80F12F36B94CECA7C00B7A5173C95C3EFC88D9822957E73", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/jedisct1/minisign/0.12/minisign-0.12-macos.zip", + "checksum": "89000B19535765F9CFFC65A65D64A820F433EF6DB8020667F7570E06BF6AAC63", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/jedisct1/minisign/0.12/minisign-0.12-win64.zip", + "checksum": "37B600344E20C19314B2E82813DB2BFDCC408B77B876F7727889DBD46D539479", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/sigstore/cosign/v3.0.2/cosign-darwin-amd64", + "checksum": "0FC2B6F16B900ABDFDA3153B11FC435A8CBE3830E8E820FE8AD5FE4149A5B472", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/sigstore/cosign/v3.0.2/cosign-darwin-arm64", + "checksum": "3823B044DE184DA21E300BC5E20DD29D3FA9243AF3BA70C4A5DA1712F3385D46", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/sigstore/cosign/v3.0.2/cosign-linux-amd64", + "checksum": "46DBDCB5467A3DFEC2526923D0B3365E40C8D9DC00EC23D5ACA3437449E8CBFD", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/sigstore/cosign/v3.0.2/cosign-linux-arm64", + "checksum": "17FD784737CA54D7D8A343C82DA6C5D6DBDEE971E66644D923D1B057FB97D7ED", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/sigstore/cosign/v3.0.2/cosign-windows-amd64.exe", + "checksum": "7A137280D8686665CEB4D8565DF2A0AC63F28031E014CDCAE5D56891A6C8A400", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/slsa-framework/slsa-verifier/v2.7.1/slsa-verifier-darwin-amd64", + "checksum": "4BAF25415727821F847A38BCCEDC86C3E5B17CBFC2EB534CD554FEB6C856D6F1", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/slsa-framework/slsa-verifier/v2.7.1/slsa-verifier-darwin-arm64", + "checksum": "39ABFCF5F1D690C3E889CE3D2D6A8B87711424D83368511868D414E8F8BCB05C", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/slsa-framework/slsa-verifier/v2.7.1/slsa-verifier-linux-amd64", + "checksum": "946DBEC729094195E88EF78E1734324A27869F03E2C6BD2F61CBC06BD5350339", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/slsa-framework/slsa-verifier/v2.7.1/slsa-verifier-linux-arm64", + "checksum": "5D3B2349EDE7BFEC19E7A21569F18B9F7410145AD12E9584B175370669E14061", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/slsa-framework/slsa-verifier/v2.7.1/slsa-verifier-windows-amd64.exe", + "checksum": "1D8F61AD747ECC3D375D2A563CEBF2991748B7DA1A9BDA9A500804C3C499E3C0", + "algorithm": "sha256" + }, + { + "id": "github_release/github.com/slsa-framework/slsa-verifier/v2.7.1/slsa-verifier-windows-arm64.exe", + "checksum": "44144E98328D221F0490EF6B4A58A465DEFE8F697F387ABBBF07EF5ADB68D4AC", + "algorithm": "sha256" + }, + { + "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.434.0/registry.yaml", + "checksum": "C36EA000C31FFD843B875F5C2C5ECA7FF45F20F3C8E85D648210063959B556DF", + "algorithm": "sha256" + } + ] +} diff --git a/aqua/imports/cosign.yaml b/aqua/imports/cosign.yaml index 337d7f75..9e1d3da0 100644 --- a/aqua/imports/cosign.yaml +++ b/aqua/imports/cosign.yaml @@ -1,2 +1,3 @@ packages: - - name: sigstore/cosign@v3.0.2 + - name: sigstore/cosign + version: v3.0.2 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/cosign/aqua.yaml#L14 diff --git a/aqua/imports/gh.yaml b/aqua/imports/gh.yaml index f910b0d5..b1fba543 100644 --- a/aqua/imports/gh.yaml +++ b/aqua/imports/gh.yaml @@ -1,2 +1,3 @@ packages: - - name: cli/cli@v2.83.0 + - name: cli/cli + version: v2.82.1 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/ghattestation/aqua.yaml#L10 diff --git a/aqua/imports/minisign.yaml b/aqua/imports/minisign.yaml index ecc55536..8271ccc7 100644 --- a/aqua/imports/minisign.yaml +++ b/aqua/imports/minisign.yaml @@ -1,2 +1,5 @@ packages: - - name: jedisct1/minisign@0.12 + - name: jedisct1/minisign + version: "0.12" # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/minisign/aqua.yaml#L14 + - name: jedisct1/minisign + version: "0.11" # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/minisign/aqua.yaml#L16 diff --git a/aqua/imports/slsa-verifier.yaml b/aqua/imports/slsa-verifier.yaml index 063e9b5f..20ec4593 100644 --- a/aqua/imports/slsa-verifier.yaml +++ b/aqua/imports/slsa-verifier.yaml @@ -1,2 +1,3 @@ packages: - - name: slsa-framework/slsa-verifier@v2.7.1 + - name: slsa-framework/slsa-verifier + version: v2.7.1 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/slsa/aqua.yaml#L14 From 775f3a1d14077040b92b207c936342f6f160e536 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 23:08:32 +0900 Subject: [PATCH 04/11] fix --- .github/workflows/test.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index b61ce647..d678ff10 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -36,4 +36,6 @@ jobs: with: name: aqua path: ~/.local/share/aquaproj-aqua + - name: Set $PATH + run: echo "$HOME/.local/share/aquaproj-aqua/bin" >> "$GITHUB_PATH" - run: cosign version From df309725bdd68cc3021e4c52a40ee8652e62bb02 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 23:11:04 +0900 Subject: [PATCH 05/11] fix --- .github/workflows/update-checksum.yaml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 .github/workflows/update-checksum.yaml diff --git a/.github/workflows/update-checksum.yaml b/.github/workflows/update-checksum.yaml deleted file mode 100644 index 9d2aa323..00000000 --- a/.github/workflows/update-checksum.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: update-aqua-checksum -on: - pull_request: - paths: - - aqua.yaml - - aqua-checksums.json -jobs: - update-aqua-checksums: - uses: aquaproj/update-checksum-workflow/.github/workflows/update-checksum.yaml@f637ff2417a258303aeec16a7fa7a1a7a8bda020 # v0.1.6 - permissions: - contents: read - with: - aqua_version: v2.8.0 - prune: true - secrets: - gh_app_id: ${{secrets.APP_ID}} - gh_app_private_key: ${{secrets.APP_PRIVATE_KEY}} From a3e8dafca116e91dd67a18f2d1a85268a5478b7b Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 23:17:19 +0900 Subject: [PATCH 06/11] debug --- .github/workflows/test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index d678ff10..0802e7b9 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -36,6 +36,7 @@ jobs: with: name: aqua path: ~/.local/share/aquaproj-aqua + - run: ls -lh ~/.local/share/aquaproj-aqua/bin - name: Set $PATH run: echo "$HOME/.local/share/aquaproj-aqua/bin" >> "$GITHUB_PATH" - run: cosign version From 2cb1ee0b1a78f3ec2c1c10e170dcdca06d284c0f Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 23:17:48 +0900 Subject: [PATCH 07/11] test --- .github/workflows/test.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 0802e7b9..41f983fa 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -39,4 +39,5 @@ jobs: - run: ls -lh ~/.local/share/aquaproj-aqua/bin - name: Set $PATH run: echo "$HOME/.local/share/aquaproj-aqua/bin" >> "$GITHUB_PATH" + - run: aqua version - run: cosign version From ab952150b6c3ec84d2458f4404bd40375fe51879 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Thu, 13 Nov 2025 23:59:18 +0900 Subject: [PATCH 08/11] use tarball --- .github/workflows/test.yaml | 11 ++++++++--- aqua/aqua.yaml | 16 +++++++++++++--- aqua/imports/cosign.yaml | 3 --- aqua/imports/gh.yaml | 3 --- aqua/imports/minisign.yaml | 5 ----- aqua/imports/slsa-verifier.yaml | 3 --- 6 files changed, 21 insertions(+), 20 deletions(-) delete mode 100644 aqua/imports/cosign.yaml delete mode 100644 aqua/imports/gh.yaml delete mode 100644 aqua/imports/minisign.yaml delete mode 100644 aqua/imports/slsa-verifier.yaml diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 41f983fa..1d2edaa0 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -14,11 +14,12 @@ jobs: with: aqua_version: v2.55.1 aqua_opts: "" + - name: Create a tarball + run: tar cvzf aqua.tar.gz "$(aqua root-dir)" - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: aqua - path: ~/.local/share/aquaproj-aqua - include-hidden-files: true + path: aqua.tar.gz test: runs-on: ubuntu-24.04 @@ -35,7 +36,11 @@ jobs: - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: aqua - path: ~/.local/share/aquaproj-aqua + path: aqua.tar.gz + - run: mkdir -p ~/.local/share + - run: tar xvzf aqua.tar.gz -C ~/.local/share + - run: rm aqua.tar.gz + - run: ls -lh ~/.local/share/aquaproj-aqua - run: ls -lh ~/.local/share/aquaproj-aqua/bin - name: Set $PATH run: echo "$HOME/.local/share/aquaproj-aqua/bin" >> "$GITHUB_PATH" diff --git a/aqua/aqua.yaml b/aqua/aqua.yaml index ba352f42..bb47612c 100644 --- a/aqua/aqua.yaml +++ b/aqua/aqua.yaml @@ -6,6 +6,16 @@ checksum: enabled: true require_checksum: true registries: -- type: standard - ref: v4.434.0 # renovate: depName=aquaproj/aqua-registry -import_dir: imports + - type: standard + ref: v4.434.0 # renovate: depName=aquaproj/aqua-registry +packages: + - name: jedisct1/minisign + version: "0.12" # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/minisign/aqua.yaml#L14 + - name: jedisct1/minisign + version: "0.11" # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/minisign/aqua.yaml#L16 + - name: cli/cli + version: v2.82.1 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/ghattestation/aqua.yaml#L10 + - name: sigstore/cosign + version: v3.0.2 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/cosign/aqua.yaml#L14 + - name: slsa-framework/slsa-verifier + version: v2.7.1 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/slsa/aqua.yaml#L14 diff --git a/aqua/imports/cosign.yaml b/aqua/imports/cosign.yaml deleted file mode 100644 index 9e1d3da0..00000000 --- a/aqua/imports/cosign.yaml +++ /dev/null @@ -1,3 +0,0 @@ -packages: - - name: sigstore/cosign - version: v3.0.2 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/cosign/aqua.yaml#L14 diff --git a/aqua/imports/gh.yaml b/aqua/imports/gh.yaml deleted file mode 100644 index b1fba543..00000000 --- a/aqua/imports/gh.yaml +++ /dev/null @@ -1,3 +0,0 @@ -packages: - - name: cli/cli - version: v2.82.1 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/ghattestation/aqua.yaml#L10 diff --git a/aqua/imports/minisign.yaml b/aqua/imports/minisign.yaml deleted file mode 100644 index 8271ccc7..00000000 --- a/aqua/imports/minisign.yaml +++ /dev/null @@ -1,5 +0,0 @@ -packages: - - name: jedisct1/minisign - version: "0.12" # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/minisign/aqua.yaml#L14 - - name: jedisct1/minisign - version: "0.11" # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/minisign/aqua.yaml#L16 diff --git a/aqua/imports/slsa-verifier.yaml b/aqua/imports/slsa-verifier.yaml deleted file mode 100644 index 20ec4593..00000000 --- a/aqua/imports/slsa-verifier.yaml +++ /dev/null @@ -1,3 +0,0 @@ -packages: - - name: slsa-framework/slsa-verifier - version: v2.7.1 # https://github.com/aquaproj/aqua/blob/v2.55.1/pkg/slsa/aqua.yaml#L14 From 28382363611d3eeac504540efa74890e74387359 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Fri, 14 Nov 2025 07:47:25 +0900 Subject: [PATCH 09/11] fix --- .github/workflows/test.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 1d2edaa0..5567dd77 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -15,7 +15,7 @@ jobs: aqua_version: v2.55.1 aqua_opts: "" - name: Create a tarball - run: tar cvzf aqua.tar.gz "$(aqua root-dir)" + run: tar -C "$(aqua root-dir)" cvf aqua.tar.gz . - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: aqua @@ -36,9 +36,8 @@ jobs: - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: aqua - path: aqua.tar.gz - run: mkdir -p ~/.local/share - - run: tar xvzf aqua.tar.gz -C ~/.local/share + - run: tar -C ~/.local/share xvf aqua.tar.gz - run: rm aqua.tar.gz - run: ls -lh ~/.local/share/aquaproj-aqua - run: ls -lh ~/.local/share/aquaproj-aqua/bin From e287ee8584cf930f6f002881e3bba8d3517b85c2 Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Fri, 14 Nov 2025 07:48:41 +0900 Subject: [PATCH 10/11] fix --- .github/workflows/test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 5567dd77..74359d20 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -15,7 +15,7 @@ jobs: aqua_version: v2.55.1 aqua_opts: "" - name: Create a tarball - run: tar -C "$(aqua root-dir)" cvf aqua.tar.gz . + run: tar -C "$(aqua root-dir)" -cvf aqua.tar.gz . - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 with: name: aqua @@ -37,7 +37,7 @@ jobs: with: name: aqua - run: mkdir -p ~/.local/share - - run: tar -C ~/.local/share xvf aqua.tar.gz + - run: tar -C ~/.local/share -xvf aqua.tar.gz - run: rm aqua.tar.gz - run: ls -lh ~/.local/share/aquaproj-aqua - run: ls -lh ~/.local/share/aquaproj-aqua/bin From ab18c05521c78802d61e5e2de15589ba5db3632e Mon Sep 17 00:00:00 2001 From: Shunsuke Suzuki Date: Fri, 14 Nov 2025 07:51:16 +0900 Subject: [PATCH 11/11] fix --- .github/workflows/test.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 74359d20..db6abddc 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -36,8 +36,8 @@ jobs: - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: aqua - - run: mkdir -p ~/.local/share - - run: tar -C ~/.local/share -xvf aqua.tar.gz + - run: mkdir -p ~/.local/share/aquaproj-aqua + - run: tar -C ~/.local/share/aquaproj-aqua -xvf aqua.tar.gz - run: rm aqua.tar.gz - run: ls -lh ~/.local/share/aquaproj-aqua - run: ls -lh ~/.local/share/aquaproj-aqua/bin