From 61e30f722299e70001aafa304632d4c4eb418374 Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Tue, 1 Feb 2022 14:32:03 +0100
Subject: [PATCH] Sign images with cosign in CI
---
 .github/workflows/check.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
index 7a732c2d5..b5ecc1cb8 100644
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -319,6 +319,9 @@ jobs:
 run: |
 jq -s '.[0] * .[1]' ${{ steps.meta.outputs.bake-file }} ${{ steps.meta-debug.outputs.bake-file }} > docker-bake.override.json
 
+ - name: Setup Cosign
+ uses: sigstore/cosign-installer@v2.0.0
+
 - name: Set up Docker Buildx
 uses: docker/setup-buildx-action@v1
 with:
@@ -351,3 +354,10 @@ jobs:
 base.output=type=image,push=true
 base.cache-from=type=registry,ref=${{ env.IMAGE }}:buildcache
 base.cache-to=type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max
+
+ - name: Sign the images with GitHub Actions provided token
+ if: github.event_name != 'pull_request'
+ run: cosign sign ${TAGS}
+ env:
+ TAGS: "${{ steps.meta.outputs.tags }} ${{ steps.meta-debug.outputs.tags }}"
+ COSIGN_EXPERIMENTAL: 1
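Review bot: In the first hunk (`@@ -319,6 +319,9 @@`), `uses: sigstore/cosign-installer@v2.0.0` references the installer by a tag, which can be repointed after the fact. This step installs the binary that later produces the image signatures, so a moved tag would silently change what signs the images. Pin it to the full commit SHA and keep the version as a trailing comment, e.g. `uses: sigstore/cosign-installer@<full-commit-sha>  # v2.0.0` (placeholder; take the SHA from the action's v2.0.0 release). The `docker/setup-buildx-action@v1` context line below it follows the same tag-only pattern, and the step list continues outside the hunk.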
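Review bot: In the second hunk (`@@ -351,3 +354,10 @@`), `run: cosign sign ${TAGS}` signs by tag, so cosign resolves each tag to a digest at signing time instead of signing the digest the build step just pushed. If a tag is moved between the push and this step (a concurrent run on the same ref, for instance), the signature is attached to a different image than the one built here. Prefer signing the digest, in the form `cosign sign "<image>@sha256:<digest>"`, with the digest taken from the build step's output if it exposes one; that step starts outside the hunk, so this needs checking. Keyless signing through `COSIGN_EXPERIMENTAL` also depends on the job's OIDC token, and no `permissions:` block with `id-token: write` is visible in this hunk, so confirm the job declares it. Writing `COSIGN_EXPERIMENTAL: "1"` would keep the value an explicit string.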