Add ability to install specific versions of Fulcio, Rekor, etc. #462

Open
@vaikas

Description

It would be nice to be able to specify which release version of the components should be stood up, for example:
sigstore/cosign#2402 (comment)

It would be nice to be able to specify which version (for example, of Rekor), say 1.0.0 or 1.0.x, should get installed. A couple of things off the top of my head: grab the releases from GitHub and then parse them, like is done here (so it supports latest, 1.0.0, and 1.0.x):
https://github.com/chainguard-dev/actions/blob/main/setup-knative/action.yaml#L82

So, that's cool, it gives us the version for the release we're looking for, but then we need to go through and actually pull out the released container image. I'm not sure where else this is kept right now except in things like:
https://github.com/sigstore/rekor/releases/download/v1.0.0/rekor-v1.0.0.yaml

where we'd then pull the image from. Is there a release artifact that has the container image, so we could get it in an easier manner?
@cpanato thoughts?

And lastly, once we get the container image, we'd need to kustomize (or something else) and replace the various ./config files with the correct container images. Like here:
https://github.com/sigstore/scaffolding/blob/main/config/rekor/rekor/300-rekor.yaml#L22
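
The three steps described in this issue (resolve a version spec, find the image in the release manifest, rewrite the config), sketched as an added example that is not part of the issue or of the scaffolding project. The function names, tag list, manifests, registry name and digest are all constructed placeholders.

```python
import re
# Constructed sample data: not real release listings, manifests or digests.
TAGS = ["v0.12.2", "v1.0.0", "v1.0.1", "v1.1.0-rc.1", "v1.1.0"]
RELEASE_YAML = """\
      containers:
      - name: rekor-server
        image: registry.example/rekor-server:v1.0.1@sha256:PLACEHOLDER
      - name: redis
        image: registry.example/redis:6
"""
CONFIG_YAML = """\
      - name: rekor-server
        image: registry.example/rekor-server:dev
"""
FINAL = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")  # skips pre-releases such as -rc.1
IMAGE = re.compile(r"^([ \t]*(?:-[ \t]+)?image:[ \t]*)(\S+)[ \t]*$", re.M)

def resolve(spec, tags):
    """Map 'latest', an exact 'X.Y.Z' or a patch wildcard 'X.Y.x' to a release tag."""
    released = {tuple(map(int, m.groups())): t for t in tags if (m := FINAL.match(t))}
    if spec == "latest":
        wanted = list(released)
    else:
        parts = spec.lstrip("v").split(".")
        if len(parts) != 3 or not all(
                p.isdecimal() or (i == 2 and p == "x") for i, p in enumerate(parts)):
            raise ValueError(f"unsupported version spec: {spec!r}")
        wanted = [v for v in released
                  if all(p == "x" or int(p) == n for p, n in zip(parts, v))]
    if not wanted:
        raise LookupError(f"no release matches {spec!r}")
    return released[max(wanted)]  # highest matching version, compared numerically

def image_for(manifest, name):
    """Return the one image in a release manifest whose repository ends in `name`."""
    hits = [img for _, img in IMAGE.findall(manifest)
            if img.split("@")[0].rsplit("/", 1)[-1].split(":")[0] == name]
    if len(hits) != 1:
        raise LookupError(f"expected one image for {name!r}, found {len(hits)}")
    return hits[0]

def pin_image(config, image):
    """Replace the single image: line of a config file with the released image."""
    if len(IMAGE.findall(config)) != 1:
        raise ValueError("expected exactly one image: line in the config")
    return IMAGE.sub(lambda m: m.group(1) + image, config)

if __name__ == "__main__":
    print(resolve("1.0.x", TAGS), pin_image(CONFIG_YAML, image_for(RELEASE_YAML, "rekor-server")), sep="\n")
```

Both lookups fail closed: a spec with no matching release, or a manifest or config with zero or several candidate images, raises instead of silently picking one.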

Labels: enhancement
