Fix issue with signing the Docker image
mostafa committed Aug 14, 2022
1 parent c881647 commit 052f73f
Showing 1 changed file with 5 additions and 17 deletions.
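--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -69,30 +69,18 @@ jobs:
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
 uses: sigstore/cosign-installer@main
 
-- name: Copy the cosign keys 📋
-if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-run: |
-echo "$COSIGN_PRIVATE_KEY" > cosign.key
-echo "$COSIGN_PUBLIC_KEY" > cosign.pub
-shell: bash
-env:
-COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
-
 - name: Sign the Docker image ✍️
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-run: cosign sign --key cosign.key mostafamoradian/xk6-kafka:${{ steps.meta.outputs.tags }}
+run: cosign sign --key env://COSIGN_PRIVATE_KEY mostafamoradian/xk6-kafka:${{ steps.meta.outputs.tags }}
 env:
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 
 - name: Verify the Docker image signature ✅
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-run: cosign verify --key cosign.pub mostafamoradian/xk6-kafka:${{ steps.meta.outputs.tags }}
-
-- name: Remove the cosign keys 🧹
-if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-run: rm -rf cosign.key cosign.pub
-shell: bash
+run: cosign verify --key env://COSIGN_PUBLIC_KEY mostafamoradian/xk6-kafka:${{ steps.meta.outputs.tags }}
+env:
+COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
 
 - name: Scan code with Trivy vulnerability scanner 🔍
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')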
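Review bot: The new `cosign sign` and `cosign verify` commands still address the image by tag (`mostafamoradian/xk6-kafka:${{ steps.meta.outputs.tags }}`), and a tag is mutable, so the signature lands on whatever the tag resolves to at signing time rather than on the image this job built. Signing and verifying by digest closes that gap, e.g. `run: cosign sign --key env://COSIGN_PRIVATE_KEY "mostafamoradian/xk6-kafka@${IMAGE_DIGEST}"` with `IMAGE_DIGEST: ${{ steps.<build-step-id>.outputs.digest }}` under `env:`; the build step lies outside this hunk, so the step id is a placeholder and the output name needs confirming. Passing the reference through `env:` also keeps the `${{ }}` expression out of the shell script text and avoids a malformed reference if `steps.meta.outputs.tags` ever holds more than one tag. Separately, the context line `uses: sigstore/cosign-installer@main` tracks a moving branch; the binary it installs handles `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD`, so pinning it to a full commit SHA is worth doing.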
