fix: fix broken image signing (#461)
## This PR

Fixes image signing issue and sign with digest

---------

Signed-off-by: Kavindu Dodanduwa <kavindudodanduwa@gmail.com>
Kavindu-Dodan authored Mar 2, 2023
1 parent 408bb7c commit 05bb51c
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions .github/workflows/release-please.yaml
Expand Up @@ -62,6 +62,7 @@ jobs:
run: echo "::set-output name=date::$(date +'%Y-%m-%d')"

- name: Build
id: build
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 # v4
with:
builder: ${{ steps.buildx.outputs.name }}
Expand All @@ -77,13 +78,20 @@ jobs:
VERSION=${{ needs.release-please.outputs.release_tag_name }}
COMMIT=${{ github.sha }}
DATE=${{ steps.date.outputs.date }}
outputs:
image_digest: ${{ steps.build.outputs.digest }}

container-signing:
needs: container-release
runs-on: ubuntu-latest
if: ${{ needs.release-please.outputs.release_created }}
steps:
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65

- name: Sign the image
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.container-release.outputs.image_digest }}
cosign public-key --key env://COSIGN_PRIVATE_KEY --outfile ${{ env.PUBLIC_KEY_FILE }}
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
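
Review bot: In the added `cosign sign --yes` line, the digest is joined to the image name with `:` (`${{ env.IMAGE_NAME }}:${{ needs.container-release.outputs.image_digest }}`), but a digest reference has the form `name@sha256:...`. The `digest` output of docker/build-push-action already includes the `sha256:` prefix, so this expands to `name:sha256:...`, which is not a valid image reference; use `@` as the separator. Also confirm that the new `outputs:` block sits at the `container-release` job level and not under the Build step's `with:`, because `needs.container-release.outputs.image_digest` resolves to an empty string otherwise and the signing step would then run against `name:`. The cosign-installer pin would be easier to review with a trailing version comment, as the build-push-action line has with `# v4`.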