diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index 9e76205bae1..8b0af8e55cd 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -115,7 +115,7 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} - name: Install Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 @@ -150,7 +150,7 @@ jobs: docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/clang:${docker_build_release_digest/:/-}.sbom" docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}" - name: Image Release Digest shell: bash diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index 5e7ebc64fbc..484cf76ac24 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -125,7 +125,7 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }} - name: Generate SBOM if: github.event_name == 'push' @@ -149,7 +149,7 @@ jobs: docker_build_ci_main_digest="${{ steps.docker_build_ci_main.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_main_digest/:/-}.sbom" docker_build_ci_main_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}" - name: CI Image Releases digests (main) if: github.event_name == 'push' @@ -179,7 +179,7 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }} - name: Generate SBOM if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' @@ -203,7 +203,7 @@ jobs: docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom" docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}" - name: CI Image Releases digests (PR) if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index f91a0cc0ba1..a3e94473f66 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -84,8 +84,8 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }} - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - name: Install Go uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 @@ -124,11 +124,11 @@ jobs: docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${docker_build_release_digest/:/-}.sbom" docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_release_digest/:/-}.sbom" docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}" - name: Image Release Digest shell: bash