[gha] Confirm 'cosign sign' command without interaction

The command `cosign sign` requires to approve the action on the prompt. Due the command is running without interactive mode, the flag `--yes` is needed confirm the operation. Signed-off-by: Santiago Dueñas <sduenas@bitergia.com>
chaoss · Nov 6, 2023 · 51265d0 · 51265d0
1 parent 355d181
commit 51265d0
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -84,6 +84,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Build and push
+        id: build-and-push
         uses: docker/build-push-action@c56af957549030174b10d6867f20e78cfd7debc5 # v3.2.0
         with:
           platforms: linux/amd64,linux/arm64
@@ -93,8 +94,9 @@ jobs:
 
       - name: Sign image with a key
         run: |
-          cosign sign --key env://COSIGN_PRIVATE_KEY ${TAGS}
+          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${TAGS}@${DIGEST}"
         env:
           TAGS: ${{ steps.meta.outputs.tags }}
           COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
           COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}