Merge pull request #23 from gkeesh7/container_signing

Experimenting with container signing
gkeesh7 · Aug 26, 2024 · 752cda4 · 752cda4
2 parents a7ae6fd + 4c2c87e
commit 752cda4
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/.github/workflows/publish-package-ghcr.yaml b/.github/workflows/publish-package-ghcr.yaml
@@ -19,3 +19,14 @@ jobs:
           docker login --username gkeesh7 --password ${{ secrets.GH_PAT }} ghcr.io
           docker build . --file Dockerfile --tag ghcr.io/gkeesh7/url-shortner:latest
           docker push ghcr.io/gkeesh7/url-shortner:latest
+
+      - uses: sigstore/cosign-installer@main
+
+      - name: Write signing key to disk 
+        run: echo "${{ secrets.SIGNING_SECRET }}" > cosign.key
+
+      - name: Sign the image
+        run: |
+          cosign sign -key cosign.key ghcr.io/gkeesh7/url-shortner:latest
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -22,4 +22,12 @@ services:
     ports:
       - 3000:3000
     depends_on:
-      - prometheus
+      - prometheus
+
+  db:
+    image: mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: ""
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+    ports:
+      - "3306:3306"