mirror of
https://github.com/ublue-os/bazzite.git
synced 2025-01-10 06:51:52 +00:00
989be6a82e
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](0d4c9c5ea7...9780b0c442)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
49 lines
1.4 KiB
YAML
49 lines
1.4 KiB
YAML
name: Sign Image
|
|
|
|
# A workflow to sign an image on demand
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
image:
|
|
description: 'Image to sign, including the tag'
|
|
required: true
|
|
|
|
jobs:
|
|
sign:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Login to GHCR
|
|
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Get digest
|
|
id: get-digest
|
|
env:
|
|
IMAGE_TO_SIGN: ${{ inputs.image }}
|
|
run: |
|
|
digest=$(skopeo inspect docker://$IMAGE_TO_SIGN --format '{{.Digest}}')
|
|
name=$(skopeo inspect docker://$IMAGE_TO_SIGN --format '{{.Name}}')
|
|
echo "DIGEST=$digest" >> $GITHUB_OUTPUT
|
|
echo "NAME=$name" >> $GITHUB_OUTPUT
|
|
|
|
- name: Setup Cosign
|
|
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
|
|
|
|
- name: Sign Image
|
|
env:
|
|
SIGNING_KEY: ${{ secrets.SIGNING_SECRET }}
|
|
IMAGE_NAME: ${{ steps.get-digest.outputs.NAME }}
|
|
IMAGE_DIGEST: ${{ steps.get-digest.outputs.DIGEST }}
|
|
run: |
|
|
cosign sign -y --key env://SIGNING_KEY $IMAGE_NAME@$IMAGE_DIGEST
|