diff options
| author | Liran Tal <liran.tal@gmail.com> | 2022-06-21 13:12:59 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-21 13:12:59 +0300 |
| commit | 554fcb8aa30dcfcc7537dc094d507c3822f5f196 (patch) | |
| tree | 7d8f58cb2bc0394eba8b0d5c94e6fced144d22e8 | |
| parent | c9ba562a0a12423e8c0b65cc6d6c0dc917078ebf (diff) | |
chore: sign container images
| -rw-r--r-- | .github/workflows/docker-publish.yml | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 97666e1..b409319 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -55,3 +55,12 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + - name: Cosign install + uses: sigstore/cosign-installer@v2.4.0 + + - name: Sign the published container image + env: + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} + run: cosign sign --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.run_id }} |