public_git
/
kaniko
mirror of https://github.com/GoogleContainerTools/kaniko
1
0
Fork 0
Code Issues Releases Wiki Activity

bump cosign version used to sign images (#2437) 

Signed-off-by: Jason Hall <jason@chainguard.dev>
This commit is contained in:
Jason Hall 2023-03-21 18:26:41 -04:00 committed by GitHub
parent 0cbb7664de
commit 6ca4c4b55b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/images.yaml vendored
View File

@ -92,17 +92,14 @@ jobs:
# Sign images if not a PR. # Sign images if not a PR.
- if: github.event_name != 'pull_request' - if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@b3413d484cc23cf8778c3d2aa361568d4eb54679 # v2.5.1 uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
with:
cosign-release: 'v1.11.1'
- if: github.event_name != 'pull_request' - if: github.event_name != 'pull_request'
env:
COSIGN_EXPERIMENTAL: "true"
run: | run: |
cosign sign \ cosign sign --yes \
--key gcpkms://projects/kaniko-project/locations/global/keyRings/cosign/cryptoKeys/cosign \ --key gcpkms://projects/kaniko-project/locations/global/keyRings/cosign/cryptoKeys/cosign \
${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }} ${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }}
cosign sign ${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }} cosign sign --yes \
${{ matrix.image-name }}@${{ steps.build-and-push.outputs.digest }}
# If a tag push, use crane to add more tags. # If a tag push, use crane to add more tags.
- if: startsWith(github.ref, 'refs/tags/v') - if: startsWith(github.ref, 'refs/tags/v')