Skip to content

Commit

Permalink
gh: use cosign sign -y
Browse files Browse the repository at this point in the history 
[ upstream commit  20bd368 ]

Signed-off-by: Kornilios Kourtis <[email protected]>
  • Loading branch information
@kkourt
kkourt committed Nov 28, 2023
1 parent 46adeaa commit 3616862
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 8 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build-clang-image.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }}
- name: Install Bom
if: github.event_name == 'push'
Expand Down Expand Up @@ -112,7 +112,7 @@ jobs:
docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/clang:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}"
- name: Image Release Digest
if: github.event_name == 'push'
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/build-images-ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }}
- name: Generate SBOM
if: github.event_name == 'push'
Expand All @@ -126,7 +126,7 @@ jobs:
docker_build_ci_main_digest="${{ steps.docker_build_ci_main.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_main_digest/:/-}.sbom"
docker_build_ci_main_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}"
- name: CI Image Releases digests (main)
if: github.event_name == 'push'
Expand Down Expand Up @@ -156,7 +156,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
- name: Generate SBOM
if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
Expand All @@ -180,7 +180,7 @@ jobs:
docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom"
docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"
- name: CI Image Releases digests (PR)
if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/build-images-releases.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,8 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }}
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }}
- name: Install Bom
if: ${{ startsWith(steps.tag.outputs.tag, 'v') }}
Expand Down

0 comments on commit 3616862

Please sign in to comment.