Skip to content

Commit

Permalink
we should rely upon the digests not the tags, typos
Browse files Browse the repository at this point in the history 
Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
  • Loading branch information
@developer-guy
developer-guy committed May 7, 2023
1 parent 204a51a commit a05c2f4
Showing 1 changed file with 3 additions and 5 deletions.
8 changes: 3 additions & 5 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,10 +134,8 @@ jobs:
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}

- name: Sign the images with GitHub OIDC Token **not production ready**
run: cosign sign --yes ${TAGS}
env:
TAGS: ${{ steps.docker_meta.outputs.tags }}
- name: Sign the images with GitHub OIDC Token
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
```

### Optional Inputs
Expand All @@ -151,5 +149,5 @@ The following optional inputs:

## Security

Should you discover any security issues, please refer to sigstore's [security
Should you discover any security issues, please refer to Sigstore's [security
process](https://github.com/sigstore/.github/blob/main/SECURITY.md)

0 comments on commit a05c2f4

Please sign in to comment.