add chart provenance verification to e2e

Question

add chart provenance verification to e2e

Opened this issue 8 years ago · 1 comments

Once we are signing our staging helm charts (workflow-dev, builder-dev, etc.), we should add a correlating verification step to the chart install in the downstream e2e job(s) along the lines of:

...
gpg --keyserver <keyserver (probably pgp.mit.edu)> --recv-keys <KEY_ID>
helm install --verify "${CHART_REPO:-${CHART}}"/"${CHART}"
...

Answer 1 · 2018-03-22T15:41:36.000Z

This issue was moved to teamhephy/jenkins-jobs#10