pi-farm/test2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix sign key
All checks were successful
Docker Build Smart Logic / Build amd64 & arm64 (push) Successful in 23s
Details

Browse Source
This commit is contained in:
info@pi-farm.de
2026-02-09 21:43:56 +01:00
parent 13d5fc7785
commit 8b6b167113
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.gitea/workflows/docker-builder.yml
View File

@@ -260,17 +260,18 @@ jobs:
IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}" IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"
echo "Signing image $IMAGE_TO_SIGN" echo "Signing image $IMAGE_TO_SIGN"
# --- Key generieren (temp) --- # --- Temporary keypair ---
COSIGN_KEY_FILE=$(mktemp) COSIGN_KEY_FILE=$(mktemp)
echo "Generating temporary Cosign keypair at $COSIGN_KEY_FILE" echo "Generating temporary Cosign keypair at $COSIGN_KEY_FILE"
cosign generate-key-pair --passphrase "" --key "$COSIGN_KEY_FILE" cosign generate-key-pair --key "$COSIGN_KEY_FILE"
# Optional: Digest nutzen, um Warnung zu vermeiden # --- Get digest to avoid tag warning ---
DIGEST=$(docker buildx imagetools inspect "$IMAGE_TO_SIGN" --raw | jq -r '.manifests[0].digest') DIGEST=$(docker buildx imagetools inspect "$IMAGE_TO_SIGN" --raw | jq -r '.manifests[0].digest')
echo "Signing digest: $DIGEST" echo "Signing digest: $DIGEST"
# Signieren # --- Sign image ---
cosign sign --key "$COSIGN_KEY_FILE" "${IMAGE_TO_SIGN}@${DIGEST}" cosign sign --key "$COSIGN_KEY_FILE" "${IMAGE_TO_SIGN}@${DIGEST}"
# Cleanup # --- Cleanup ---
rm -f "$COSIGN_KEY_FILE" "$COSIGN_KEY_FILE.pub" rm -f "$COSIGN_KEY_FILE" "$COSIGN_KEY_FILE.pub"