Skip to content

Commit

Permalink
feat(sign): Use Chainguard's cosign image in place of cosign-installer
Browse files Browse the repository at this point in the history
  • Loading branch information
@EyeCantCU
EyeCantCU committed Jan 7, 2024
1 parent 11f8c11 commit 0d20245
Showing 1 changed file with 1 addition and 4 deletions.
5 changes: 1 addition & 4 deletions sign/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,15 +28,12 @@ runs:
username: ${{ github.actor }}
password: ${{ inputs.registry-token }}

- name: Install cosign
uses: sigstore/cosign-installer@v3.3.0

- name: Sign container image
shell: bash
run: |
REGISTRY=$(echo ${{ inputs.registry }} | awk '{print tolower($0)}')
for CONTAINER in $(echo "${CONTAINERS}" | tr "," "\n"); do
cosign sign -y --key env://COSIGN_PRIVATE_KEY $REGISTRY/${CONTAINER}@${TAGS}
podman run --env-host cgr.dev/chainguard/cosign sign -y --key env://COSIGN_PRIVATE_KEY $REGISTRY/${CONTAINER}@${TAGS}
done
env:
CONTAINERS: ${{ inputs.containers }}
Expand Down

0 comments on commit 0d20245

Please sign in to comment.