Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: sign images using cosign #261

Merged
merged 4 commits into from Dec 29, 2021
Merged

feat: sign images using cosign #261

merged 4 commits into from Dec 29, 2021

Conversation

JamieMagee
Copy link
Collaborator

@JamieMagee JamieMagee commented Dec 28, 2021
edited

Signs all images automatically using cosign keyless workflow. Tested on my own fork of containerbase/python1 (The build log contains some additional logging not present in this PR)

This requires cosign to be installed in all workflows where container images are published, but the sigstore team provides an action to do this2, and I've opened an issue to have it be included in GitHub Actions workers by default 3

Closes containerbase/base#201

References:

Related PRs:

Footnotes

  1. https://github.com/JamieMagee/python/runs/4646250456?check_suite_focus=true

  2. https://github.com/sigstore/cosign-installer

  3. https://github.com/actions/virtual-environments/issues/4813

This was referenced Dec 28, 2021
Merged
Merged
This was referenced Dec 28, 2021
Merged
Merged
Merged
Merged
Merged
Merged
Merged
viceice pushed a commit to containerbase/php that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#3)
bfbaa55 
See containerbase/internal-tools#261
viceice pushed a commit to containerbase/java that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#3)
5e86418 
See containerbase/internal-tools#261
viceice pushed a commit to containerbase/node that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#6)
7c781b9 
See containerbase/internal-tools#261
JamieMagee added a commit to renovatebot/docker-sidecar that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore
495eb2d 
See containerbase/internal-tools#261
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
viceice added a commit to containerbase/python that referenced this pull request Dec 28, 2021
@JamieMagee @viceice
ci: install sigstore (#3)
fd8745a 
See containerbase/internal-tools#261

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
viceice added a commit to containerbase/ruby that referenced this pull request Dec 28, 2021
@JamieMagee @viceice
ci: install sigstore (#5)
b676785 
See containerbase/internal-tools#261

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
viceice pushed a commit to containerbase/sidecar that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#3)
02f3140 
See containerbase/internal-tools#261
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
viceice pushed a commit to renovatebot/docker-renovate that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#243)
a578943 
See containerbase/internal-tools#261
This was referenced Dec 28, 2021
Merged
Merged
viceice pushed a commit to renovatebot/docker-rust that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#51)
d6aa2cf 
See containerbase/internal-tools#261
viceice pushed a commit to renovatebot/docker-sidecar that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#3)
087633e 
See containerbase/internal-tools#261
JamieMagee added a commit to renovatebot/docker-dotnet that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore
be44a4f 
  See containerbase/internal-tools#261
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
JamieMagee added a commit to renovatebot/docker-helm that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore
0d3cfd6 
  See containerbase/internal-tools#261
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
viceice pushed a commit to renovatebot/docker-node that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#137)
4075573 
See containerbase/internal-tools#261
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
viceice pushed a commit to renovatebot/docker-elixir that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#41)
184515b 
See containerbase/internal-tools#261
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
viceice pushed a commit to renovatebot/docker-dotnet that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#44)
756cf9a 
See containerbase/internal-tools#261
JamieMagee added a commit to renovatebot/docker-swift that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore
7e6dd06 
  See containerbase/internal-tools#261
@JamieMagee JamieMagee mentioned this pull request Dec 28, 2021
Merged
viceice pushed a commit to renovatebot/docker-helm that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#8)
1d751f7 
See containerbase/internal-tools#261
viceice pushed a commit to renovatebot/docker-go that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#96)
92cc99b 
See containerbase/internal-tools#261
viceice pushed a commit to renovatebot/docker-swift that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#35)
aa1361b 
See containerbase/internal-tools#261
This was referenced Dec 28, 2021
Merged
Merged
viceice added a commit to renovatebot/docker-ruby that referenced this pull request Dec 28, 2021
@JamieMagee @viceice
ci: install sigstore (#60)
9f6002e 
See containerbase/internal-tools#261

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
viceice pushed a commit to renovatebot/docker-cocoapods that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#52)
d61bb62 
See containerbase/internal-tools#261
viceice added a commit to renovatebot/docker-php that referenced this pull request Dec 28, 2021
@JamieMagee @viceice
ci: install sigstore (#52)
dc00e80 
* ci: install sigstore

  See containerbase/internal-tools#261

* Update .github/workflows/build.yml

* Update .github/workflows/build.yml

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
viceice added a commit to renovatebot/docker-java that referenced this pull request Dec 28, 2021
@JamieMagee @viceice
ci: install sigstore (#70)
6cb4c44 
See containerbase/internal-tools#261

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
viceice added a commit to renovatebot/docker-python that referenced this pull request Dec 28, 2021
@JamieMagee @viceice
ci: install sigstore (#69)
1db8933 
See containerbase/internal-tools#261

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
viceice pushed a commit to renovatebot/docker-renovate-full that referenced this pull request Dec 28, 2021
@JamieMagee
ci: install sigstore (#392)
5f5a05d 
See containerbase/internal-tools#261
viceice
viceice reviewed Dec 28, 2021
View reviewed changes
src/utils/cosign/common.ts Outdated Show resolved Hide resolved
test/utils/cosign/common.spec.ts Show resolved Hide resolved
@JamieMagee @viceice
Update src/utils/cosign/common.ts
8426e4e 
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
@viceice viceice merged commit 44ac477 into containerbase:main Dec 29, 2021
@github-actions
Copy link

🎉 This PR is included in version 1.11.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@JamieMagee JamieMagee deleted the feat/sign-automatically branch December 29, 2021 17:18
@JamieMagee JamieMagee mentioned this pull request Jan 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@viceice viceice viceice approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sign container images
2 participants
@JamieMagee @viceice