Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
trust sign: add --local flag #575
@@ Coverage Diff @@ ## master #575 +/- ## ========================================== - Coverage 50.09% 49.43% -0.67% ========================================== Files 216 208 -8 Lines 17696 17170 -526 ========================================== - Hits 8865 8488 -377 + Misses 8387 8249 -138 + Partials 444 433 -11
I also left a similar proposal in the original PR: #472 (review)
An alternative could be to have a
@thaJeztah: yup - this is a followup PR that addresses your feedback, though in a slightly different fashion.
In the context of docker, it doesn't really make sense to have a signature without a pushed image - so we've deliberately made the workflows such that if you sign an image there should always be an associated image in the registry unless you manually delete images in the registry or the signatures with notary.
Taking this into account on
This PR adds a