Skip to content

Commit

Permalink
ci: use image digest when signing image with cosign
Browse files Browse the repository at this point in the history
  • Loading branch information
@metaclips
metaclips committed Nov 27, 2023
1 parent 80e140b commit fb9fbce
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/distroless.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ jobs:
docker load < builder_image.tar
- name: Push Images
id: image_ref
run: |
set -ex
docker image ls
Expand Down Expand Up @@ -103,12 +104,12 @@ jobs:
with:
cosign_private_key: '${{ secrets.COSIGN_PRIVATE_KEY }}'
cosign_password: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
image: 'ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base:latest'
image: 'ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-base@${{ steps.image_ref.outputs.BASE }}'
ref: ${{ steps.image_ref.outputs.BASE }}

- uses: build-trust/.github/actions/image_cosign@custom-actions
with:
cosign_private_key: '${{ secrets.COSIGN_PRIVATE_KEY }}'
cosign_password: '${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}'
image: 'ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder:latest'
image: 'ghcr.io/${{ env.ORGANIZATION }}/ockam-elixir-builder@${{ steps.image_ref.outputs.BUILDER }}'
ref: ${{ steps.image_ref.outputs.BUILDER }}

0 comments on commit fb9fbce

Please sign in to comment.