From b505d50fa8c65f346ae542f0ed79400763d061e7 Mon Sep 17 00:00:00 2001
From: Michael Uti
Date: Tue, 21 Nov 2023 19:18:41 +0100
Subject: [PATCH] ci: sign distroless images
---
 .github/workflows/distroless.yml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/distroless.yml b/.github/workflows/distroless.yml
index 3b018a31520..16973324ec3 100644
--- a/.github/workflows/distroless.yml
+++ b/.github/workflows/distroless.yml
@@ -5,9 +5,9 @@ on:
 inputs:
 commit_sha:
 description: Git commit sha, on which, to run this workflow
- # push:
- # paths:
- # - 'tools/docker/wolfi/**'
+ push:
+ paths:
+ - 'tools/docker/wolfi/**'
 permissions:
 contents: read
@@ -62,7 +62,11 @@ jobs:
 - name: Get Image ref
 id: image_ref
 run: |
- # TODO
+ base=$(docker image inspect ghcr.io/${REPOSITORY}/ockam-elixir-base:latest | jq -r .[0].Id)
+ builder=$(docker image inspect ghcr.io/${REPOSITORY}/ockam-elixir-builder:latest | jq -r .[0].Id)
+
+ echo "BUILDER=$builder" >> $GITHUB_OUTPUT
+ echo "BASE=$base" >> $GITHUB_OUTPUT
 - name: Install Cosign
 uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19
@@ -74,11 +78,11 @@ jobs:
 cosign_private_key: '${{ secrets.COSIGN_PRIVATE_KEY }}'
 cosign_password: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
 image: 'ghcr.io/${REPOSITORY}/ockam-elixir-base:latest'
- ref: ${{ inputs.ref }}
+ ref: ${{ steps.image_ref.outputs.BASE }}
 - uses: build-trust/.github/actions/image_cosign@custom-actions
 with:
 cosign_private_key: '${{ secrets.COSIGN_PRIVATE_KEY }}'
 cosign_password: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
 image: 'ghcr.io/${REPOSITORY}/ockam-elixir-builder:latest'
- ref: ${{ inputs.ref }}
+ ref: ${{ steps.image_ref.outputs.BUILDER }}
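Review bot: The re-enabled `push:` trigger in the first hunk (`@@ -5,9 +5,9 @@`) carries a `paths:` filter but no `branches:` filter, so a push to any branch that touches `tools/docker/wolfi/**` starts this workflow and, unless a job-level condition outside the hunk stops it, reaches the steps that receive `COSIGN_PRIVATE_KEY`. If only release builds are meant to publish and sign the `:latest` tags, add `branches:` under `push:` listing just that branch, for example `- <release-branch>`. The `commit_sha` input is only populated on manual dispatch and is empty on push events, so the step that consumes it (not visible in this hunk) should be checked for a fallback to the pushed commit.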
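Review bot: In the `Get Image ref` step (second hunk, `@@ -62,7 +62,11 @@`), `jq -r .[0].Id` yields the local image ID, which is the digest of the image config and not the manifest digest the registry assigns, while cosign attaches signatures to the manifest digest. If the `image_cosign` action treats `ref` as the digest to sign (its source is not on this page), read the pushed digest instead, e.g. `base=$(docker image inspect "ghcr.io/${REPOSITORY}/ockam-elixir-base:latest" | jq -r '.[0].RepoDigests[0]')`, and likewise for `builder`. The step also has no failure guard: unless the shell runs with `pipefail`, a failed `docker image inspect` still lets jq print `null`, and `BASE=null` is written as if it were valid. A check such as `[ -n "$base" ] && [ "$base" != "null" ] || exit 1` before the `echo` lines, plus quoting `"$GITHUB_OUTPUT"`, would make the step fail closed.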
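Review bot: The `uses: build-trust/.github/actions/image_cosign@custom-actions` line visible in the third hunk (`@@ -74,11 +78,11 @@`) pins the action to a branch name, and that action is handed `COSIGN_PRIVATE_KEY` and its password, so whoever can move the `custom-actions` branch controls the code that sees the signing key. The `sigstore/cosign-installer` step in the same workflow is already pinned to a full commit SHA; pin this one the same way with `uses: build-trust/.github/actions/image_cosign@<full-commit-sha>`. The `uses:` line of the first signing step sits above this hunk and presumably needs the same change. This matters more now that the workflow also runs on push rather than only on manual dispatch.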