Merge pull request #423 from ComplianceAsCode/renovate/sigs.k8s.io-co… #154

Sign in to view logs

Triggered via push October 26, 2023 19:36

openshift-ci[bot]

master

Status Success

Total duration 8m 27s

Artifacts –

release-latest.yml

on: push

bundle-container-push-latest / container

openscap-container-push-latest / container

operator-container-push-latest / container

bundle-container-push-latest / sign

bundle-container-push-latest / sbom

openscap-container-push-latest / sign

openscap-container-push-latest / sbom

operator-container-push-latest / sign

operator-container-push-latest / sbom

catalog-container-push-latest

Annotations

2 warnings and 12 notices

catalog-container-push-latest

The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

catalog-container-push-latest

The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Verify signature

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator-bundle@sha256:e542a1eb3ccc4668c3a65be930aac2c203668e6ed6ea3bd0e66327231386f915 | jq '.[0]'

Inspect signature bundle

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator-bundle@sha256:e542a1eb3ccc4668c3a65be930aac2c203668e6ed6ea3bd0e66327231386f915 | jq '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson'

Inspect certificate

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator-bundle@sha256:e542a1eb3ccc4668c3a65be930aac2c203668e6ed6ea3bd0e66327231386f915 | jq -r '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson | .spec.signature.publicKey.content |= @base64d | .spec.signature.publicKey.content' | openssl x509 -text

Verify signature

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/openscap-ocp@sha256:4765e131c051d2ecf99713d9103d203c579c2ec6ea403fb9ce63b35ea117bd7c | jq '.[0]'

Inspect signature bundle

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/openscap-ocp@sha256:4765e131c051d2ecf99713d9103d203c579c2ec6ea403fb9ce63b35ea117bd7c | jq '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson'

Inspect certificate

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/openscap-ocp@sha256:4765e131c051d2ecf99713d9103d203c579c2ec6ea403fb9ce63b35ea117bd7c | jq -r '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson | .spec.signature.publicKey.content |= @base64d | .spec.signature.publicKey.content' | openssl x509 -text

Verify SBOM attestation

COSIGN_EXPERIMENTAL=1 cosign verify-attestation ghcr.io/complianceascode/compliance-operator-bundle@sha256:e542a1eb3ccc4668c3a65be930aac2c203668e6ed6ea3bd0e66327231386f915 | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType == "https://spdx.dev/Document") | .predicate.Data | fromjson'

Verify SBOM attestation

COSIGN_EXPERIMENTAL=1 cosign verify-attestation ghcr.io/complianceascode/openscap-ocp@sha256:4765e131c051d2ecf99713d9103d203c579c2ec6ea403fb9ce63b35ea117bd7c | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType == "https://spdx.dev/Document") | .predicate.Data | fromjson'

Verify signature

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator@sha256:70bc675a862c51716722d900c5bcc414ac68e1168e7011bbc63d89962df3dac7 | jq '.[0]'

Inspect signature bundle

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator@sha256:70bc675a862c51716722d900c5bcc414ac68e1168e7011bbc63d89962df3dac7 | jq '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson'

Inspect certificate

COSIGN_EXPERIMENTAL=1 cosign verify ghcr.io/complianceascode/compliance-operator@sha256:70bc675a862c51716722d900c5bcc414ac68e1168e7011bbc63d89962df3dac7 | jq -r '.[0].optional.Bundle.Payload.body |= @base64d | .[0].optional.Bundle.Payload.body | fromjson | .spec.signature.publicKey.content |= @base64d | .spec.signature.publicKey.content' | openssl x509 -text

Verify SBOM attestation

COSIGN_EXPERIMENTAL=1 cosign verify-attestation ghcr.io/complianceascode/compliance-operator@sha256:70bc675a862c51716722d900c5bcc414ac68e1168e7011bbc63d89962df3dac7 | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType == "https://spdx.dev/Document") | .predicate.Data | fromjson'