apunkt/imageproxy
1
0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2026-05-15 15:02:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

docker: go back to signing digests

Browse source 
apparently cosign doesn't like signing tags :)

WARNING: Image reference ghcr.io/willnorris/imageproxy:main uses a tag,
not a digest, to identify the image to sign.

This can lead you to sign a different image than the intended one.
Please use a digest (example.com/ubuntu@sha256:abc123...) rather than
tag (example.com/ubuntu:latest) for the input to cosign. The ability to
refer to images by tag will be removed in a future release.
This commit is contained in:
Will Norris 2022-12-06 08:58:50 -08:00
parent 631d363749
commit 93dcedd516
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/docker.yml vendored
View file

@ -58,6 +58,5 @@ jobs:
- name: Sign the published Docker image - name: Sign the published Docker image
if: github.event_name == 'push' if: github.event_name == 'push'
env: env:
TAGS: ${{ steps.meta.outputs.tags }}
COSIGN_EXPERIMENTAL: "true" COSIGN_EXPERIMENTAL: "true"
run: cosign sign ${TAGS} run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}