feat: Sign base image

dusansimic · Feb 4, 2024 · 70f3d01 · 70f3d01
1 parent 600200b
commit 70f3d01
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 12 deletions.
diff --git a/.github/workflows/base.yml b/.github/workflows/base.yml
@@ -17,8 +17,8 @@ jobs:
     steps:
       - name: Checkout the repo
         uses: actions/checkout@v3
-      # - name: Setup cosign
-      #   uses: sigstore/cosign-installer@v3.3.0
+      - name: Setup cosign
+        uses: sigstore/cosign-installer@v3.3.0
       - name: Login to container registry
         uses: redhat-actions/podman-login@v1
         with:
@@ -41,12 +41,12 @@ jobs:
           image: ${{ steps.build.outputs.image }}
           tags: ${{ steps.build.outputs.tags }}
           registry: ${{ env.REGISTRY }}
-      # - name: Sign image
-      #   run: cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
-      #   env:
-      #     COSIGN_EXPERIMENTAL: false
-      #     COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-      #     COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+      - name: Sign image
+        run: cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
+        env:
+          COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
   node:
     needs: build
     uses: ./.github/workflows/node.yml

diff --git a/cosign.pub b/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEm86+C2XTX+/q8HFr6ddOwkxlUFPA
+Wv72sowaeqCHLrFdMLThkRIYg1GoGXJCvUc5SbuFIQloPzJhnSn0F1Y1RQ==
+-----END PUBLIC KEY-----
diff --git a/ghcr.io-dusansimic-toolbox-images.pub b/ghcr.io-dusansimic-toolbox-images.pub