Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use manifest digest for signing #217

Merged
merged 2 commits into from
Aug 14, 2024
Merged

Commits on Aug 12, 2024

  1. Use manifest digest for signing

    Instead of using the image name and tag, use the image name and the
    manifest sha256. This allows to verify the image sha256 in logs etc.
    and gets rid of the following warning from cosign:
    
    ```
    WARNING: Image reference ghcr.io/home-assistant/amd64-builder:dev uses a tag, not a digest, to identify the image to sign.
    ```
    agners committed Aug 12, 2024
    Configuration menu
    Copy the full SHA
    a161d0f View commit details
    Browse the repository at this point in the history

Commits on Aug 13, 2024

  1. Only try to get image manifest digest after pushing

    Since we anyways can only sign an image which has a manifest digiest
    agners committed Aug 13, 2024
    Configuration menu
    Copy the full SHA
    2d0a4d9 View commit details
    Browse the repository at this point in the history