fix cosign key
Some checks failed
Docker Build Smart Logic / Build amd64 & arm64 (push) Has been cancelled
Some checks failed
Docker Build Smart Logic / Build amd64 & arm64 (push) Has been cancelled
This commit is contained in:
@@ -260,12 +260,17 @@ jobs:
|
|||||||
IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"
|
IMAGE_TO_SIGN="${REGISTRY_HOST}/${IMAGE_BASE}:${VERSION}"
|
||||||
echo "Signing image $IMAGE_TO_SIGN"
|
echo "Signing image $IMAGE_TO_SIGN"
|
||||||
|
|
||||||
# Key nur für Tags nutzen
|
# --- Key generieren (temp) ---
|
||||||
cosign sign --key <(echo "${{ secrets.COSIGN_KEY }}") "$IMAGE_TO_SIGN"
|
COSIGN_KEY_FILE=$(mktemp)
|
||||||
|
echo "Generating temporary Cosign keypair at $COSIGN_KEY_FILE"
|
||||||
|
cosign generate-key-pair --passphrase "" --key "$COSIGN_KEY_FILE"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Optional: Digest nutzen, um Warnung zu vermeiden
|
||||||
|
DIGEST=$(docker buildx imagetools inspect "$IMAGE_TO_SIGN" --raw | jq -r '.manifests[0].digest')
|
||||||
|
echo "Signing digest: $DIGEST"
|
||||||
|
|
||||||
|
# Signieren
|
||||||
|
cosign sign --key "$COSIGN_KEY_FILE" "${IMAGE_TO_SIGN}@${DIGEST}"
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
rm -f "$COSIGN_KEY_FILE" "$COSIGN_KEY_FILE.pub"
|
||||||
|
|||||||
Reference in New Issue
Block a user