Skip to content

Update cosign on container image creation #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
devpro merged 1 commit into from
Jun 14, 2026
Merged

Update cosign on container image creation #22

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 0 additions & 19 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,22 +14,3 @@ jobs:
markup-lint:
name: Markup
uses: ./.github/workflows/reusable-markup-lint.yml

validate-cosign:
name: Validate / Cosign
runs-on: ubuntu-latest
steps:
- name: Clone repository
uses: actions/checkout@v6
- name: Pull Alpine image
run: docker pull ghcr.io/linuxcontainers/alpine:latest
- name: Cosign Alpine image (read-only)
uses: ./actions/cosign/sign
with:
image-name: 'alpine'
image-path: 'ghcr.io/linuxcontainers'
image-tag: 'latest'
readonly: 'true'
permissions:
id-token: write
contents: read
8 changes: 4 additions & 4 deletions .github/workflows/reusable-container-publication.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,18 +108,18 @@ jobs:
ref: ${{ inputs.workflow-parts-version }}
path: workflow-parts
- name: Login to container registry
uses: docker/login-action@v4
uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee
with:
registry: ${{ inputs.container-registry }}
username: ${{ secrets.container-registry-username }}
password: ${{ secrets.container-registry-password }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v4
uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3
- name: Set up Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5
- name: Build and push container image
id: build-push
uses: docker/build-push-action@v7
uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf
with:
context: ${{ inputs.working-directory }}
file: ${{ inputs.image-definition }}
Expand Down
4 changes: 3 additions & 1 deletion actions/cosign/sign/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,9 @@ runs:
- name: Get image digest
id: digest
run: |
DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.image-path }}/${{ inputs.image-name }}:${{ inputs.image-tag }} | cut -d'@' -f2)
DIGEST=$(docker buildx imagetools inspect \
${{ inputs.image-path }}/${{ inputs.image-name }}:${{ inputs.image-tag }} \
--format '{{json .Manifest}}' | jq -r '.digest')
echo "DIGEST=$DIGEST" >> $GITHUB_OUTPUT
shell: bash
- name: Sign image with Cosign
Expand Down