.github/workflows/docker-publish.yml +20 −20
@@ -99,23 +99,23 @@ jobs: mv /tmp/.buildx-cache-new /tmp/.buildx-cache # # Install the cosign tool except on PR # # https://github.com/sigstore/cosign-installer # - name: Install cosign # if: github.event_name != 'pull_request' # uses: sigstore/cosign-installer@v3.3.0 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: ${{ github.event_name != 'pull_request' }} uses: sigstore/cosign-installer@v3 # with: # cosign-release: 'v2.2.2' # # Sign the resulting Docker image digest except on PRs. # # This will only write to the public Rekor transparency log when the Docker # # repository is public to avoid leaking data. If you would like to publish # # transparency data even for private images, pass --force to cosign below. # # https://github.com/sigstore/cosign # - name: Sign the published Docker image # if: ${{ github.event_name != 'pull_request' }} # env: # COSIGN_EXPERIMENTAL: "true" # # This step uses the identity token to provision an ephemeral certificate # # against the sigstore community Fulcio instance. # run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. run: echo "${{ steps.meta.outputs.tags }}" | grep -E '^(.+):(.+)-(.+)-(.+)$|^(.+):([0-9]+).([0-9]+).([0-9]+)(.+)$' | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }} Loading
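Review bot: In the `Sign the published Docker image` step, the new `grep -E` filter can leave `xargs` with no input, and the step then succeeds without signing anything, because a `run` step with no explicit `shell:` is not executed with `pipefail` and grep's non-zero exit is lost. A bare `1.2.3` tag appears to match neither alternative, since the second one ends in `(.+)` and its `.` separators are unescaped; if such release tags are meant to be signed, a pattern like `([0-9]+)\.([0-9]+)\.([0-9]+)(.*)` together with `shell: bash` (or `set -o pipefail`) would make an empty match fail the job instead of publishing an unsigned image. Passing the tag list through `env:` (`TAGS: ${{ steps.meta.outputs.tags }}`, then `echo "$TAGS"`) rather than expanding the expression inside the script would also keep what is presumably ref-derived text out of the shell source. Separately, `sigstore/cosign-installer@v3` replaces the exact `v3.3.0` tag with a moving major tag; for an action that runs in the signing job, pinning to a full commit SHA, `uses: sigstore/cosign-installer@<full-commit-sha> # v3.x.y`, is the safer form. The same section is printed a second time further down the page and the note applies there unchanged.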
.github/workflows/docker-publish.yml +20 −20
@@ -99,23 +99,23 @@ jobs: mv /tmp/.buildx-cache-new /tmp/.buildx-cache # # Install the cosign tool except on PR # # https://github.com/sigstore/cosign-installer # - name: Install cosign # if: github.event_name != 'pull_request' # uses: sigstore/cosign-installer@v3.3.0 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign if: ${{ github.event_name != 'pull_request' }} uses: sigstore/cosign-installer@v3 # with: # cosign-release: 'v2.2.2' # # Sign the resulting Docker image digest except on PRs. # # This will only write to the public Rekor transparency log when the Docker # # repository is public to avoid leaking data. If you would like to publish # # transparency data even for private images, pass --force to cosign below. # # https://github.com/sigstore/cosign # - name: Sign the published Docker image # if: ${{ github.event_name != 'pull_request' }} # env: # COSIGN_EXPERIMENTAL: "true" # # This step uses the identity token to provision an ephemeral certificate # # against the sigstore community Fulcio instance. # run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the published Docker image if: ${{ github.event_name != 'pull_request' }} env: COSIGN_EXPERIMENTAL: "true" # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. run: echo "${{ steps.meta.outputs.tags }}" | grep -E '^(.+):(.+)-(.+)-(.+)$|^(.+):([0-9]+).([0-9]+).([0-9]+)(.+)$' | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}