From edaeeaa8685466090e45fe129a7f0d8c0de7cf35 Mon Sep 17 00:00:00 2001 From: Carolina Delwing Rosa Date: Mon, 8 Jan 2024 15:09:06 -0300 Subject: [PATCH] fix: added image signing --- .github/workflows/release.yaml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 01f0c19..e08963f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -62,6 +62,7 @@ jobs: - name: Build and push if: ${{ steps.dependencies.outputs.VERSION != ''}} uses: docker/build-push-action@v2 + id: build-and-push with: context: . build-args: | @@ -74,7 +75,23 @@ jobs: platforms: linux/amd64,linux/arm64 push: true tags: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} - + + - uses: sigstore/cosign-installer@v3.3.0 + + - name: Image Signing + run: | + cosign sign --yes \ + -a "repo=${{ github.repository }}" \ + -a "workflow=${{ github.workflow }}" \ + -a "ref=${{ github.sha }}" \ + -a "owner=Spectro Cloud" \ + --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}" + env: + TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + DIGEST: ${{ steps.build-and-push.outputs.digest }} + release: name: "Release"