[FEATURE] Sign release images #328
Assignees
Labels
Comments
toddbaert
pushed a commit
that referenced
this issue
Feb 1, 2023
## This PR fixes #328 Introduce image signing for flagd. Signature is pushed to OCR repository and public key will get added to release artefacts under the name `publicKey.pub` (referred through variable PUBLIC_KEY_FILE in GH action) **NOTE** - Require COSIGN_PRIVATE_KEY & COSIGN_PASSWORD secrets to be created. And decide how to expose public key --------- Signed-off-by: Kavindu Dodanduwa <kavindudodanduwa@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Requirements
The flagd image should be signed by something like cosign during the release process. This is already being in the in the operator and a similar flow can be used here.
https://github.com/open-feature/open-feature-operator/blob/main/.github/workflows/release-please.yml#L86-L99
The text was updated successfully, but these errors were encountered: