Skip to content

Commit

Permalink
gh: use cosign sign -y
Browse files Browse the repository at this point in the history 
Signed-off-by: Kornilios Kourtis <[email protected]>
  • Loading branch information
@kkourt @willfindlay
kkourt authored and willfindlay committed Oct 31, 2023
1 parent b5a73d0 commit 9fe2004
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 10 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build-clang-image.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }}
- name: Install Bom
if: github.event_name == 'push'
Expand Down Expand Up @@ -112,7 +112,7 @@ jobs:
docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/clang:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}"
- name: Image Release Digest
if: github.event_name == 'push'
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/build-images-ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }}
- name: Generate SBOM
if: github.event_name == 'push'
Expand All @@ -134,7 +134,7 @@ jobs:
docker_build_ci_main_digest="${{ steps.docker_build_ci_main.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_main_digest/:/-}.sbom"
docker_build_ci_main_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}"
- name: CI Image Releases digests (main)
if: github.event_name == 'push'
Expand Down Expand Up @@ -164,7 +164,7 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }}
- name: Generate SBOM
if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
Expand All @@ -188,7 +188,7 @@ jobs:
docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom"
docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}"
- name: CI Image Releases digests (PR)
if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request'
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/build-images-releases.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,8 @@ jobs:
env:
COSIGN_EXPERIMENTAL: "true"
run: |
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }}
cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }}
cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }}
- name: Install Bom
if: ${{ startsWith(steps.tag.outputs.tag, 'v') }}
Expand Down Expand Up @@ -118,11 +118,11 @@ jobs:
docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}"
image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_release_digest/:/-}.sbom"
docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)"
cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}"
cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}"
- name: Image Release Digest
shell: bash
Expand Down

0 comments on commit 9fe2004

Please sign in to comment.