Skip to content

Commit

Permalink
chore: add COSIGN_PUBLIC_KEY for cosign verify
Browse files Browse the repository at this point in the history 
Signed-off-by: Gaius <gaius.qi@gmail.com>
  • Loading branch information
@gaius-qi
gaius-qi committed Sep 18, 2024
1 parent e044dae commit 74b4084
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/docker.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,10 +117,12 @@ jobs:
run: |
docker buildx imagetools inspect dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
docker pull dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
cosign verify --key cosign.pub dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
cosign verify --key env://COSIGN_PUBLIC_KEY dragonflyoss/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
docker buildx imagetools inspect ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
docker pull ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
cosign verify --key cosign.pub ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
cosign verify --key env://COSIGN_PUBLIC_KEY ghcr.io/${{ env.IMAGE_REPOSITORY }}/${{ matrix.module }}:${{ steps.get_version.outputs.VERSION }}
env:
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}

- uses: anchore/sbom-action@v0
with:
Expand Down

0 comments on commit 74b4084

Please sign in to comment.