[NotationV0] bump: bump up notation version to v1.1.0 (#19468)

* bump: bump up notation version to v1.1.0

Signed-off-by: Junjie Gao <[email protected]>

* fix: bump up task version

Signed-off-by: Junjie Gao <[email protected]>

* fix: bump up task version

Signed-off-by: Junjie Gao <[email protected]>

* fix: update code

Signed-off-by: Junjie Gao <[email protected]>

---------

Signed-off-by: Junjie Gao <[email protected]>

Author: JeyJeyGao

Tasks/NotationV0/README.md

@@ -18,42 +18,6 @@ It transfers the trust store and trust policy from the user's code repository to
 - public network access for downloading Notation CLI and Notation Azure Key Vault plugin from Github releases.
 - Supported OS: Linux x64/ARM64, Windows x64, macOS x64/ARM64
 
-# User Documents
-- [Notation sign on ADO pipeline](./docs/sign-images-pipeline.md)
-
-## Inputs
-`command` - Command  
-`string`. Required. Allowed values: `install`, `sign` and `verify`.
-
-`artifactRefs` - Artifact References  
-`string`. The container artifact reference with digest. If multiple references are used, please use comma to separate them. If it was not specified, the task will automatically detect it from previous Docker task.
-
-`plugin` - Plugin  
-`string`. Required for sign command. Allowed values: `azureKeyVault`.
-
-`akvPluginVersion` - Azure Key Vault Plugin Version
-`string`. Required for `azureKeyVault` plugin. The version for Azure Key Vault plugin. Please visit the [release page](https://github.com/Azure/notation-azure-kv/releases) to choose a released version.
-
-`azurekvServiceConnection` - Azure Key Vault Service Connection  
-`string`. Required for `azure-kv` plugin. Select the The Azure Resource Manager service connection for the key vault if prefer to use service connection for authentication.
-
-`keyid` - Key ID  
-`string`. Required for `azure-kv` plugin. The key identifier of an Azure Key Vault certificate.
-
-`selfSigned` - Self signed  
-`boolean`. Whether the certficate is self-signed certificate.
-
-`caCertBundle` - Certificate Bundle File Path  
-`string`. The certificate bundle file containing intermidiate certificates and root certificate.
-
-`trustPolicy` - Trust Policy File Path  
-`string`. Required for `verify` command. The trust policy file path.
-
-`trustStore` - Trust Store Folder Path  
-`string`. Requried for `verify` command. The trust store folder path.
-
-`signatureFormat` - Signature Format  
-`string`. Signature envelope format. Allowed values: `jws`, `cose`.
-
-`allowReferrersAPI` - [Experimental] Allow Referrers API  
-`boolean`. Use the Referrers API to sign signatures, if not supported (returns 404), fallback to the Referrers tag schema.
+## Bump up notation version
+1. Run ./scripts/generate_checksum.py to update the ./data/notation_versions.json file.
+2. Update the task.json and task.loc.json default version to be the latest version.

Tasks/NotationV0/data/notation_versions.json

@@ -1,4 +1,33 @@
 [
+    {
+        "darwin": {
+            "amd64": {
+                "checksum": "a190962ca09a24d814916e26c8f98d01c1891fd0bae6192355675b8b16e38726",
+                "url": "https://github.com/notaryproject/notation/releases/download/v1.1.0/notation_1.1.0_darwin_amd64.tar.gz"
+            },
+            "arm64": {
+                "checksum": "295df24d247f4b276bd1ee04ae5f639b8feadebd68c01be1821c0b94cbd5cf75",
+                "url": "https://github.com/notaryproject/notation/releases/download/v1.1.0/notation_1.1.0_darwin_arm64.tar.gz"
+            }
+        },
+        "linux": {
+            "amd64": {
+                "checksum": "0e31e156edff6cc324405cda391d7144b0b99c265a7bdfa6644f457e530fe6d4",
+                "url": "https://github.com/notaryproject/notation/releases/download/v1.1.0/notation_1.1.0_linux_amd64.tar.gz"
+            },
+            "arm64": {
+                "checksum": "8c01a8f52356b15ce2c69be4cea193c56d092f913482d2e4a4d90ad6ec81fe64",
+                "url": "https://github.com/notaryproject/notation/releases/download/v1.1.0/notation_1.1.0_linux_arm64.tar.gz"
+            }
+        },
+        "version": "1.1.0",
+        "windows": {
+            "amd64": {
+                "checksum": "397b5ccc27d8f890f955f1e91f8fb21e4c23995ec8f5a42257e72a14728bd4d5",
+                "url": "https://github.com/notaryproject/notation/releases/download/v1.1.0/notation_1.1.0_windows_amd64.zip"
+            }
+        }
+    },
     {
         "darwin": {
             "amd64": {

Tasks/NotationV0/package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "notation",
-  "version": "0.232.0",
+  "version": "0.235.0",
   "description": "Azure Pipepine Task for setting up Notation CLI, sign and verify with Notation",
   "main": "src/index.js",
   "scripts": {

Tasks/NotationV0/package.json

@@ -0,0 +1,81 @@
+# This script reads a checksums.txt file and generates a JSON file containing 
+# the checksums and URLs for each file. The generated JSON file is then merged 
+# with an existing JSON file containing previous checksums. If the version 
+# already exists in the existing JSON file, an exception is raised.
+#
+# Usage: python generate_checksum.py <checksums.txt> <old_checksums.json>
+#
+# checksums.txt format:
+# 2ef0560c3c88908a22d1f302e5b0119160e72380e25fb58c2d7b153e9397a04c  notation_1.0.0-rc.1_linux_arm64.tar.gz
+# 3b5239d68810fec349807aa9eb90fcb9cd972cdb540ecfd4fcf3631d7ad4be06  notation_1.0.0-rc.1_darwin_amd64.tar.gz
+# 7607c8de3b6c1435b2dc4c012e9c0486849ce7b4b5e0fbbee2dd9ed7aab084a7  notation_1.0.0-rc.1_linux_amd64.tar.gz
+# 7d091cbd62886d1b47b60519a5b56314e794caf18751b1cccab2f54387a0d5c4  notation_1.0.0-rc.1_windows_amd64.zip
+# eaa7b0c7c8d18e504766ce8d3ac5e46da2e97f4fdcead8be997e0ae74b146b00  notation_1.0.0-rc.1_darwin_arm64.tar.gz
+#
+# Note: This script may be integrated to pipeline in the future.
+#
+import os
+import sys
+import json
+
+def build_url(name, version, filename):
+    return {
+        "notation": lambda : f'https://github.com/notaryproject/notation/releases/download/v{version}/{filename}',
+        "notation-azure-kv": lambda :f'https://github.com/Azure/notation-azure-kv/releases/download/v{version}/{filename}'
+    }[name]()
+
+def process_checksum(filepath):
+    verionInfo = {}
+    with open(filepath, 'r') as f:
+        for line in f.readlines():
+            line = line.rstrip('\n')
+            parts = line.split(' ')
+            checksum = parts[0]
+            filename = parts[2]
+            name_parts = filename.split('_')
+            name = name_parts[0]
+            version = name_parts[1]
+            osName = name_parts[2]
+            arch = name_parts[3].split('.')[0]
+
+            # generate checksum
+            verionInfo.setdefault('version', version)
+            verionInfo.setdefault(osName, {})
+            verionInfo[osName].setdefault(arch, {})
+            verionInfo[osName][arch] = {
+                "url": build_url(name, version, filename),
+                "checksum": checksum
+            }
+
+    return verionInfo
+
+def update_checksums(filepath, checksums):
+    # read old checksums
+    versionList = []
+    if os.path.exists(filepath):
+        f = open(filepath, 'r')
+        versionList = json.load(f)
+        f.close()
+
+    # check if version exists
+    for versionInfo in versionList:
+        if versionInfo['version'] == checksums['version']:
+            raise Exception(f'Version {checksums["version"]} already exists in {filepath}')
+
+    # update checksums
+    with open(filepath, 'w') as f:
+        json.dump([checksums] + versionList, f, indent=4, sort_keys=True)
+
+def main():
+    if len(sys.argv) < 3:
+        print('Usage: python generate_checksum.py <checksums.txt> <old_checksums.json>')
+        sys.exit(1)
+    
+    filepath = sys.argv[1]
+    old_checksums = sys.argv[2]
+
+    checksums = process_checksum(filepath)
+    update_checksums(old_checksums, checksums)
+
+if __name__ == '__main__':
+    main()

Tasks/NotationV0/scripts/generate_checksum.py

@@ -10,7 +10,7 @@
   "minimumAgentVersion": "2.144.0",
   "version": {
     "Major": 0,
-    "Minor": 232,
+    "Minor": 235,
     "Patch": 0
   },
   "groups": [
@@ -61,7 +61,7 @@
       "name": "version",
       "type": "string",
       "label": "Version",
-      "defaultValue": "1.0.1",
+      "defaultValue": "1.1.0",
       "required": true,
       "helpMarkDown": "The version of Notation to install. Example: 1.0.0, 1, 1.0, 1.0.0",
       "visibleRule": "command = install && isCustomVersion = false",

Tasks/NotationV0/task.json

@@ -10,7 +10,7 @@
   "minimumAgentVersion": "2.144.0",
   "version": {
     "Major": 0,
-    "Minor": 232,
+    "Minor": 235,
     "Patch": 0
   },
   "groups": [
@@ -61,7 +61,7 @@
       "name": "version",
       "type": "string",
       "label": "ms-resource:loc.input.label.version",
-      "defaultValue": "1.0.1",
+      "defaultValue": "1.1.0",
       "required": true,
       "helpMarkDown": "ms-resource:loc.input.help.version",
       "visibleRule": "command = install && isCustomVersion = false",