@raffis raffis commented May 12, 2023

Current situation

Currently only the docker images are signed but not the manifest. Meaning:

    cosign verify --certificate-identity-regexp=https://github.com/DoodleScheduling/k8sprom-patch-controller/.github/workflows/release.yaml@refs/tags/v0.2.1 --certificate-oidc-issuer=https://token.actions.githubusercontent.com ghcr.io/doodlescheduling/k8sprom-patch-controller:v0.2.1-amd64

works while

    cosign verify --certificate-identity-regexp=https://github.com/DoodleScheduling/k8sprom-patch-controller/.github/workflows/release.yaml@refs/tags/v0.2.1 --certificate-oidc-issuer=https://token.actions.githubusercontent.com ghcr.io/doodlescheduling/k8sprom-patch-controller:v0.2.1

does not.

Proposal

Sign both manifest and images.
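
Why a signature on the per-arch image does not cover the `v0.2.1` tag, as an added example that is not part of the pull request or the project's code: cosign signs digests, and its default storage looks up a `sha256-<hex>.sig` tag for the digest the reference resolves to. The sketch assumes `v0.2.1` is a multi-arch index pointing at the per-arch images; the manifests, the `arm64` variant and all helper names are constructed for illustration.

```python
import hashlib
import json

INDEX_TYPE = "application/vnd.oci.image.index.v1+json"
MANIFEST_TYPE = "application/vnd.oci.image.manifest.v1+json"

def digest(raw):
    return "sha256:" + hashlib.sha256(raw).hexdigest()

def signature_tag(d):
    # cosign's default tag-based storage: sha256:<hex> -> sha256-<hex>.sig
    return d.replace(":", "-", 1) + ".sig"

def make_manifest(arch):
    # Constructed stand-in for a single-platform image manifest.
    return json.dumps({"schemaVersion": 2, "mediaType": MANIFEST_TYPE,
                       "config": {"digest": digest(arch.encode())}}).encode()

def make_index(children):
    # Constructed multi-arch index referencing each platform manifest by digest.
    entries = [{"mediaType": MANIFEST_TYPE, "digest": digest(raw),
                "size": len(raw),
                "platform": {"os": "linux", "architecture": arch}}
               for arch, raw in sorted(children.items())]
    return json.dumps({"schemaVersion": 2, "mediaType": INDEX_TYPE,
                       "manifests": entries}).encode()

def signing_gaps(tags, registry_tags):
    """For each tag, list the digests (its own and, for an index, its
    children's) that have no matching .sig tag in the registry."""
    gaps = {}
    for tag, raw in tags.items():
        doc = json.loads(raw)
        needed = [digest(raw)]
        if doc.get("mediaType") == INDEX_TYPE:
            needed += [m["digest"] for m in doc["manifests"]]
        gaps[tag] = [d for d in needed if signature_tag(d) not in registry_tags]
    return gaps

def demo():
    amd64, arm64 = make_manifest("amd64"), make_manifest("arm64")
    index = make_index({"amd64": amd64, "arm64": arm64})
    tags = {"v0.2.1": index, "v0.2.1-amd64": amd64, "v0.2.1-arm64": arm64}
    # Before the change: only the per-arch images carry signatures.
    before = {signature_tag(digest(amd64)), signature_tag(digest(arm64))}
    # After the change: the index digest is signed as well.
    after = before | {signature_tag(digest(index))}
    return signing_gaps(tags, before), signing_gaps(tags, after), digest(index)
```

The index has its own digest, distinct from every child manifest, so it needs its own signature for verification of the plain tag to succeed.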

@raffis raffis requested a review from a team as a code owner May 12, 2023 11:44
@github-actions

Pull Request Test Coverage Report for Build 4958443514

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 56.786%

Totals Coverage Status
Change from base Build 4786732302: 0.0%
Covered Lines: 159
Relevant Lines: 280

💛 - Coveralls

@raffis raffis merged commit 9870388 into master May 12, 2023