add go wasi policies#136
Merged
flavio merged 3 commits intokubewarden:mainfrom Sep 17, 2024
Merged
Conversation
Now that we have go-wasi policies, we must be able to differentiate between policies built using waPC + TinyGo and the ones that are built using the official Go compiler and the WASI policy mode offered by Kubewarden. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
This is required since the go policies are going to be distinct between TinyGo and Go-WASI ones. `sed --in-place 's/3\.3\.3/3\.3\.4/' $(find . -maxdepth 3 -name "*.yml")` Signed-off-by: Flavio Castelli <fcastelli@suse.com>
This provides a way to build Go-WASI policies that are signed, have SBOMs,... all the good things we do for the other KW policies. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
Member
Author
|
This is required to work on kubewarden/cel-policy#86 |
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| # until https://github.com/actions/checkout/pull/579 is released |
Contributor
There was a problem hiding this comment.
this was merged
but unfortunately, there is this bug actions/checkout#579 (comment)
fabriziosestito
approved these changes
Sep 16, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We just realized some Go-WASI policies are not signed with sigstore. That happens because we never uniformed our Go-WASI policies to use the same set of actions used by the TinyGo ones.
Now that we have go-wasi policies, we must be able to differentiate between policies built using waPC + TinyGo and the ones that are built using the official Go compiler and the WASI policy mode offered by Kubewarden.
The current tinygo policies will keep working as expected, without any change from us.
The Go-WASI policies will have to be changed to use the new reusable workflows defined by this PR.