From e983ae74670ea1517ba7fa10cdf852cff66837e7 Mon Sep 17 00:00:00 2001 From: frank zhu Date: Mon, 19 Aug 2024 13:13:52 -0500 Subject: [PATCH] add --yes flag to cosign verify --- .github/actions/build-sign-publish-chainlink/action.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-sign-publish-chainlink/action.yml b/.github/actions/build-sign-publish-chainlink/action.yml index b5322e32528..e1d85888a01 100644 --- a/.github/actions/build-sign-publish-chainlink/action.yml +++ b/.github/actions/build-sign-publish-chainlink/action.yml @@ -261,7 +261,7 @@ runs: shell: sh run: | echo "${{ inputs.cosign-public-key }}" > cosign.key - cosign verify --key cosign.key "${{ env.root_image_name }}" + cosign verify --key cosign.key "${{ env.root_image_name }}" --yes rm -f cosign.key - if: inputs.sign-images == 'true' && inputs.sign-method == 'keyless' @@ -277,6 +277,7 @@ runs: cosign verify "${{ env.root_image_name }}" \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ --certificate-identity "https://github.com/smartcontractkit/chainlink/.github/workflows/build-publish.yml@${{ github.ref }}" + --yes - if: inputs.sign-images == 'true' && inputs.sign-method == 'keypair' name: Sign the published non-root Docker image using keypair method @@ -293,7 +294,7 @@ runs: shell: sh run: | echo "${{ inputs.cosign-public-key }}" > cosign.key - cosign verify --key cosign.key "${{ env.nonroot_image_name }}" + cosign verify --key cosign.key "${{ env.nonroot_image_name }}" --yes rm -f cosign.key - if: inputs.sign-images == 'true' && inputs.sign-method == 'keyless' @@ -309,3 +310,4 @@ runs: cosign verify "${{ env.nonroot_image_name }}" --certificate-oidc-issuer https://token.actions.githubusercontent.com \ --certificate-identity "https://github.com/smartcontractkit/chainlink/.github/workflows/build-publish.yml@${{ github.ref }}" + --yes