From c5ea1b7bdd9efc3792e513258853552b0ae31e06 Mon Sep 17 00:00:00 2001 From: Cosmin Cojocar Date: Wed, 17 May 2023 15:27:49 +0200 Subject: [PATCH] Update cosign to latest version in release Github action (#958) Signed-off-by: Cosmin Cojocar --- .github/workflows/release.yml | 6 ++++-- .goreleaser.yml | 7 ++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f2ff0f2..b6735ee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,7 +21,7 @@ jobs: - name: Install Cosign uses: sigstore/cosign-installer@v3 with: - cosign-release: 'v1.13.1' + cosign-release: 'v2.0.2' - name: Store Cosign private key in a file run: 'echo "$COSIGN_KEY" > /tmp/cosign.key' shell: bash @@ -68,7 +68,9 @@ jobs: push: true build-args: GO_VERSION=1.20 - name: Sign Docker Image - run: cosign sign -key /tmp/cosign.key ${TAGS} + run: cosign sign --yes --key /tmp/cosign.key ${TAGS} env: TAGS: ${{steps.meta.outputs.tags}} COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} + COSIGN_PRIVATE_KEY: /tmp/cosign.key + DIGEST: ${{steps.build-push-action.outputs.digest}} diff --git a/.goreleaser.yml b/.goreleaser.yml index 25a81b5..e3c903e 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -26,6 +26,11 @@ builds: signs: - cmd: cosign stdin: '{{ .Env.COSIGN_PASSWORD}}' - args: ["sign-blob", "--key=/tmp/cosign.key", "--output=${signature}", "${artifact}"] + args: + - "sign-blob" + - "--key=/tmp/cosign.key" + - "--output=${signature}" + - "${artifact}" + - "--yes" artifacts: all