Use built-in 'private' bit

actions · Dec 2, 2021 · 326dc04 · 326dc04
1 parent e953f20
commit 326dc04
Showing 1 changed file with 2 additions and 11 deletions.
diff --git a/ci/docker-publish.yml b/ci/docker-publish.yml
@@ -76,24 +76,15 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-      # Check whether this is a public repository before signing the image.
+      # Sign the resulting Docker image digest except on PRs and private repos
       # The keyless signing process records signatures on the Rekor public
       # transparency log, so signing is disabled for private repos by default
       # to avoid leaking private data.  If you wish to sign things anyways,
       # then this check can be removed and --force can be added to the cosign
       # command below.
-      - name: Confirm this is a public repository
-        if: ${{ github.event_name != 'pull_request' }}
-        env:
-          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-        run: |
-          TEMP=$(gh api repos/$GITHUB_REPOSITORY --jq '.private')
-          echo "IS_PRIVATE=$TEMP" >> $GITHUB_ENV
-
-      # Sign the resulting Docker image digest except on PRs and private repos
       # https://github.com/sigstore/cosign
       - name: Sign the published Docker image
-        if: ${{ github.event_name != 'pull_request' && env.IS_PRIVATE == 'false' }}
+        if: ${{ github.event_name != 'pull_request' && !github.event.repository.private }}
         env:
           COSIGN_EXPERIMENTAL: "true"
         # This step uses the identity token to provision an ephemeral certificate