Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(build): add image signing GH action #82

Merged
merged 1 commit into from
Jun 7, 2024
Merged

feat(build): add image signing GH action #82

merged 1 commit into from
Jun 7, 2024

Conversation

ramizpolic
Copy link
Member

@ramizpolic ramizpolic commented Jun 7, 2024
edited
Loading

Overview

Adds cosign container image signing to sign all image artifacts. Use cosign to verify signatures via:

cosign verify \
  ghcr.io/bank-vaults/secrets-webhook:latest \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity https://github.com/bank-vaults/secrets-webhook/.github/workflows/artifacts.yaml@refs/heads/main

Notes for reviewer

@ramizpolic ramizpolic requested a review from a team as a code owner June 7, 2024 09:45
@ramizpolic ramizpolic requested review from sagikazarmark and removed request for a team June 7, 2024 09:45
@ramizpolic ramizpolic self-assigned this Jun 7, 2024
@github-actions github-actions bot added the size/S Denotes a PR that changes 10-99 lines label Jun 7, 2024
@ramizpolic ramizpolic added area/pipeline area/build area/security area/artifacts and removed size/S Denotes a PR that changes 10-99 lines labels Jun 7, 2024
@github-actions github-actions bot added the size/S Denotes a PR that changes 10-99 lines label Jun 7, 2024
@ramizpolic
feat(build): add image signing GH action
73b6e84 
Signed-off-by: Ramiz Polic <ramiz.polic@hotmail.com>
@ramizpolic ramizpolic merged commit 44e97a5 into main Jun 7, 2024
26 checks passed
@ramizpolic ramizpolic deleted the feat/sign-images branch June 7, 2024 13:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akijakya akijakya akijakya approved these changes

@sagikazarmark sagikazarmark Awaiting requested review from sagikazarmark sagikazarmark is a code owner automatically assigned from bank-vaults/maintainers

Assignees

@ramizpolic ramizpolic

Labels
area/artifacts area/build area/pipeline area/security size/S Denotes a PR that changes 10-99 lines
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ramizpolic @akijakya