Update cosign to latest version in release Github action (#958)

Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
Cosmin Cojocar 2023-05-17 15:27:49 +02:00 committed by GitHub
parent 8632a8c58a
commit c5ea1b7bdd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 3 deletions


@ -21,7 +21,7 @@ jobs:
- name: Install Cosign - name: Install Cosign
uses: sigstore/cosign-installer@v3 uses: sigstore/cosign-installer@v3
with: with:
cosign-release: 'v1.13.1' cosign-release: 'v2.0.2'
- name: Store Cosign private key in a file - name: Store Cosign private key in a file
run: 'echo "$COSIGN_KEY" > /tmp/cosign.key' run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
shell: bash shell: bash
@ -68,7 +68,9 @@ jobs:
push: true push: true
build-args: GO_VERSION=1.20 build-args: GO_VERSION=1.20
- name: Sign Docker Image - name: Sign Docker Image
run: cosign sign -key /tmp/cosign.key ${TAGS} run: cosign sign --yes --key /tmp/cosign.key ${TAGS}
env: env:
TAGS: ${{steps.meta.outputs.tags}} TAGS: ${{steps.meta.outputs.tags}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
COSIGN_PRIVATE_KEY: /tmp/cosign.key
DIGEST: ${{steps.build-push-action.outputs.digest}}
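Review bot: The `DIGEST` and `COSIGN_PRIVATE_KEY` variables added to the `Sign Docker Image` step's `env` are never read by the `run` line, so `cosign sign --yes --key /tmp/cosign.key ${TAGS}` still signs by mutable tag. A tag is resolved at signing time, so if it moves between the push and the signing step the signature lands on a different image than the one this job built; pinning to the digest closes that gap, e.g. `run: echo "${TAGS}" | xargs -I {} cosign sign --yes --key /tmp/cosign.key {}@${DIGEST}`. The build step that would need `id: build-push-action` is outside the hunk, so confirm that id exists, otherwise `DIGEST` expands to an empty string. `COSIGN_PRIVATE_KEY` can be dropped because the key is already passed with `--key`. It is also worth a comment on the step that `--yes` accepts the transparency-log upload prompt non-interactively, so by default the signature record is published to the public log.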


@ -26,6 +26,11 @@ builds:
signs: signs:
- cmd: cosign - cmd: cosign
stdin: '{{ .Env.COSIGN_PASSWORD}}' stdin: '{{ .Env.COSIGN_PASSWORD}}'
args: ["sign-blob", "--key=/tmp/cosign.key", "--output=${signature}", "${artifact}"] args:
- "sign-blob"
- "--key=/tmp/cosign.key"
- "--output=${signature}"
- "${artifact}"
- "--yes"
artifacts: all artifacts: all