actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use image digest instead of tag when signing the released image with cosign (#960)

Browse source 
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
Cosmin Cojocar 2023-05-17 15:58:25 +02:00 committed by GitHub
parent 6df05bd7a3
commit 87cc45e1cd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/release.yml vendored
View file

@ -68,7 +68,7 @@ jobs:
push: true push: true
build-args: GO_VERSION=1.20 build-args: GO_VERSION=1.20
- name: Sign Docker Image - name: Sign Docker Image
run: cosign sign --yes --key /tmp/cosign.key ${TAGS} run: cosign sign --yes --key /tmp/cosign.key ${DIGEST}
env: env:
TAGS: ${{steps.meta.outputs.tags}} TAGS: ${{steps.meta.outputs.tags}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}