mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Update cosign to latest version in release Github action (#958)
Signed-off-by: Cosmin Cojocar <gcojocar@adobe.com>
This commit is contained in:
parent
8632a8c58a
commit
c5ea1b7bdd
2 changed files with 10 additions and 3 deletions
6
.github/workflows/release.yml
vendored
6
.github/workflows/release.yml
vendored
|
@ -21,7 +21,7 @@ jobs:
|
||||||
- name: Install Cosign
|
- name: Install Cosign
|
||||||
uses: sigstore/cosign-installer@v3
|
uses: sigstore/cosign-installer@v3
|
||||||
with:
|
with:
|
||||||
cosign-release: 'v1.13.1'
|
cosign-release: 'v2.0.2'
|
||||||
- name: Store Cosign private key in a file
|
- name: Store Cosign private key in a file
|
||||||
run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
|
run: 'echo "$COSIGN_KEY" > /tmp/cosign.key'
|
||||||
shell: bash
|
shell: bash
|
||||||
|
@ -68,7 +68,9 @@ jobs:
|
||||||
push: true
|
push: true
|
||||||
build-args: GO_VERSION=1.20
|
build-args: GO_VERSION=1.20
|
||||||
- name: Sign Docker Image
|
- name: Sign Docker Image
|
||||||
run: cosign sign -key /tmp/cosign.key ${TAGS}
|
run: cosign sign --yes --key /tmp/cosign.key ${TAGS}
|
||||||
env:
|
env:
|
||||||
TAGS: ${{steps.meta.outputs.tags}}
|
TAGS: ${{steps.meta.outputs.tags}}
|
||||||
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
|
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
|
||||||
|
COSIGN_PRIVATE_KEY: /tmp/cosign.key
|
||||||
|
DIGEST: ${{steps.build-push-action.outputs.digest}}
|
||||||
|
|
|
@ -26,6 +26,11 @@ builds:
|
||||||
signs:
|
signs:
|
||||||
- cmd: cosign
|
- cmd: cosign
|
||||||
stdin: '{{ .Env.COSIGN_PASSWORD}}'
|
stdin: '{{ .Env.COSIGN_PASSWORD}}'
|
||||||
args: ["sign-blob", "--key=/tmp/cosign.key", "--output=${signature}", "${artifact}"]
|
args:
|
||||||
|
- "sign-blob"
|
||||||
|
- "--key=/tmp/cosign.key"
|
||||||
|
- "--output=${signature}"
|
||||||
|
- "${artifact}"
|
||||||
|
- "--yes"
|
||||||
artifacts: all
|
artifacts: all
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue