Skip to content

Commit

Permalink
Use cosign to verify upstream container
Browse files Browse the repository at this point in the history
  • Loading branch information
@thomasdesr
thomasdesr committed Jul 4, 2022
1 parent 9eed113 commit 13825da
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
9 changes: 9 additions & 0 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,15 @@ on:
name: CI

jobs:
verify_container_signatures:
name: "Verify upstream container's published signature matches"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: sigstore/cosign-installer@main
- run: |
cosign verify --key ./minisign-container-cosign.pub jedisct1/minisign@sha256:fab787053d0c6f600eb86344add051927caa729f1f73ebaba4aa42e0e7402609
verify:
name: "Verify"
runs-on: ubuntu-latest
Expand Down
4 changes: 4 additions & 0 deletions minisign-container-cosign.pub
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C
OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w==
-----END PUBLIC KEY-----

0 comments on commit 13825da

Please sign in to comment.