Skip to content

Commit

Permalink
gh: use cosign sign -y
Browse files Browse the repository at this point in the history 
Signed-off-by: Kornilios Kourtis <[email protected]>
  • Loading branch information
@kkourt
kkourt committed Oct 31, 2023
1 parent 1de3496 commit 3fff37a
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 10 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build-clang-image.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -115,7 +115,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }}
- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
Expand Down Expand Up @@ -150,7 +150,7 @@ jobs:
docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/clang:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}"
- name: Image Release Digest
shell: bash
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/build-images-ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }}
- name: Generate SBOM
if: github.event_name == 'push'
Expand All @@ -149,7 +149,7 @@ jobs:
docker_build_ci_main_digest="${{ steps.docker_build_ci_main.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_main_digest/:/-}.sbom"
docker_build_ci_main_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}"
- name: CI Image Releases digests (main)
if: github.event_name == 'push'
Expand Down Expand Up @@ -179,7 +179,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
- name: Generate SBOM
if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
Expand All @@ -203,7 +203,7 @@ jobs:
docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom"
docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"
- name: CI Image Releases digests (PR)
if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/build-images-releases.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,8 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }}
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }}
- name: Install Go
uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
Expand Down Expand Up @@ -124,11 +124,11 @@ jobs:
docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}"
- name: Image Release Digest
shell: bash
Expand Down

0 comments on commit 3fff37a

Please sign in to comment.