[no-relnote] Remove the signing of images

elezar · elezar · commit b923d6a8d0d9 · 2025-07-09T11:34:51.000+02:00
Signed-off-by: Evan Lezar &lt;elezar@nvidia.com&gt;
diff --git a/.nvidia-ci.yml b/.nvidia-ci.yml
@@ -46,7 +46,6 @@ stages:
   - pull
   - scan
   - release
-  - sign
 
 .pipeline-trigger-rules:
   rules:
@@ -266,64 +265,3 @@ release-images-dummy:
   rules:
     - if: $CI_COMMIT_TAG == null || $CI_COMMIT_TAG == ""
 
-# .sign-images forms the base of the jobs which sign images in the NGC registry.
-.sign-images:
-  stage: sign
-  image: ubuntu:latest
-  parallel:
-    matrix:
-      - TAG_SUFFIX: ["", "-packaging"]
-  variables:
-    IMAGE_NAME: "${NGC_REGISTRY_IMAGE}"
-    IMAGE_TAG: "${CI_COMMIT_TAG}"
-    NGC_CLI: "ngc-cli/ngc"
-  before_script:
-    - !reference [.ngccli-setup, before_script]
-  script:
-    - |
-      # We ensure that the IMAGE_NAME and IMAGE_TAG is set
-      echo Image Name: ${IMAGE_NAME} && [[ -n "${IMAGE_NAME}" ]] || exit 1
-      echo Image Tag: ${IMAGE_TAG} && [[ -n "${IMAGE_TAG}" ]] || exit 1
-
-      export IMAGE=${IMAGE_NAME}:${IMAGE_TAG}${TAG_SUFFIX}
-      echo "Signing the image ${IMAGE}"
-      ${NGC_CLI} registry image publish --source ${IMAGE} ${IMAGE} --public --discoverable --allow-guest --sign --org nvidia
-
-# Define the external image signing steps for NGC
-# Download the ngc cli binary for use in the sign steps
-.ngccli-setup:
-  before_script:
-    - apt-get update && apt-get install -y curl unzip jq
-    - |
-      if [ -z "${NGCCLI_VERSION}" ]; then
-        NGC_VERSION_URL="https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions"
-        # Extract the latest version from the JSON data using jq
-        export NGCCLI_VERSION=$(curl -s $NGC_VERSION_URL | jq -r '.recipe.latestVersionIdStr')
-      fi
-      echo "NGCCLI_VERSION ${NGCCLI_VERSION}"
-    - curl -sSLo ngccli_linux.zip https://api.ngc.nvidia.com/v2/resources/nvidia/ngc-apps/ngc_cli/versions/${NGCCLI_VERSION}/files/ngccli_linux.zip
-    - unzip ngccli_linux.zip
-    - chmod u+x ngc-cli/ngc
-
-sign-ngc-images:
-  extends:
-    - .sign-images
-  needs:
-    - release-images-to-ngc
-  rules:
-    - if: $CI_COMMIT_TAG
-  variables:
-    NGC_CLI_API_KEY: "${NGC_REGISTRY_TOKEN}"
-  retry:
-    max: 2
-
-sign-images-dummy:
-  extends:
-    - .sign-images
-  needs:
-    - release-images-dummy
-  variables:
-    NGC_CLI: "echo [DUMMY] ngc-cli/ngc"
-    IMAGE_TAG: "${CI_COMMIT_SHORT_SHA}"
-  rules:
-    - if: $CI_COMMIT_TAG == null || $CI_COMMIT_TAG == ""
