forked from TrueCloudLab/certificates
Merge pull request #694 from smallstep/max/docker-cosign
[action] sign and push sigs for multi-arch docker containers w/ cosign
This commit is contained in:
Max
GitHub
commit
8a2b2db608
2 changed files with 18 additions and 3 deletions
19
.github/workflows/release.yml
vendored
19
.github/workflows/release.yml
vendored
|
|
@ -158,13 +158,25 @@ jobs:
|
|||
runs-on: ubuntu-20.04
|
||||
needs: test
|
||||
steps:
|
||||
- name: Checkout
|
||||
-
|
||||
name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
- name: Setup Go
|
||||
-
|
||||
name: Setup Go
|
||||
uses: actions/setup-go@v2
|
||||
with:
|
||||
go-version: '1.16'
|
||||
- name: Build
|
||||
-
|
||||
name: Install cosign
|
||||
uses: sigstore/cosign-installer@main
|
||||
with:
|
||||
cosign-release: 'v1.1.0'
|
||||
-
|
||||
name: Write cosign key to disk
|
||||
id: write_key
|
||||
run: echo "${{ secrets.COSIGN_KEY }}" > "/tmp/cosign.key"
|
||||
-
|
||||
name: Build
|
||||
id: build
|
||||
run: |
|
||||
PATH=$PATH:/usr/local/go/bin:/home/admin/go/bin
|
||||
|
|
@ -172,3 +184,4 @@ jobs:
|
|||
env:
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
||||
COSIGN_PWD: ${{ secrets.COSIGN_PWD }}
|
||||
|
|
|
|||
|
|
@ -54,6 +54,8 @@ define DOCKER_BUILDX
|
|||
# $(1) -- Image Tag
|
||||
# $(2) -- Push (empty is no push | --push will push to dockerhub)
|
||||
docker buildx build . --progress plain -t $(DOCKER_IMAGE_NAME):$(1) -f docker/Dockerfile.step-ca --platform="$(DOCKER_PLATFORMS)" $(2)
|
||||
echo -n "$(COSIGN_PWD)" | cosign sign -key /tmp/cosign.key -r $(DOCKER_IMAGE_NAME):$(1)
|
||||
|
||||
endef
|
||||
|
||||
# For non-master builds don't build the docker containers.
|
||||
|
|
|
|||
Loading…
Reference in a new issue