Skip to content

Commit

Permalink
ci: add yes option with cosign
Browse files Browse the repository at this point in the history
  • Loading branch information
@h-r-k-matsumoto
h-r-k-matsumoto committed Feb 20, 2024
1 parent f8526df commit 36f4546
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/releease.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,16 +61,16 @@ jobs:

- name: Attach SBOM file in image
run: |
cosign attest --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }}
cosign attest --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }}
cosign attest --yes --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }}
cosign attest --yes --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }}
shell: bash

- name: Published a signed image
env:
COSIGN_EXPERIMENTAL: "1"
run: |
cosign sign --key cosign.key ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }}
cosign sign --key cosign.key ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }}
cosign sign --yes --key cosign.key ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }}
cosign sign --yes --key cosign.key ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }}
release:
name: release
needs: build
Expand Down

0 comments on commit 36f4546

Please sign in to comment.