Skip to content

Commit

Permalink
fix: Package signing should happen in the oci workflow.
Browse files Browse the repository at this point in the history
Signed-off-by: Justin Abrahms <justin@abrah.ms>
  • Loading branch information
justinabrahms authored and toddbaert committed Oct 25, 2022
1 parent 3eab92a commit a04a110
Showing 1 changed file with 16 additions and 16 deletions.
32 changes: 16 additions & 16 deletions .github/workflows/release-please.yml
Original file line number Diff line number Diff line change
Expand Up @@ -79,10 +79,25 @@ jobs:
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
labels: ${{ steps.meta.outputs.labels }}


- name: Install cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.0'

- name: Sign release image
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }}
# Displays the public key to share.
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./cosign.pub
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ env.DRY_RUN != 'true' }}

release-assets:
permissions:
contents: write # for softprops/action-gh-release to create GitHub release
packages: write # for package signing
needs: build-oci
runs-on: ubuntu-latest
if: ${{ needs.release-please.outputs.release_created }}
Expand All @@ -105,21 +120,6 @@ jobs:
- uses: anchore/sbom-action@v0

- name: Install cosign
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.0'

- name: Sign release image
run: |
cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }}
# Displays the public key to share.
cosign public-key --key env://COSIGN_PRIVATE_KEY > ./cosign.pub
env:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
if: ${{ env.DRY_RUN != 'true' }}

- name: Release
uses: softprops/action-gh-release@v1
with:
Expand Down

0 comments on commit a04a110

Please sign in to comment.