Infrastructure/imageproxy
0
Fork 0
mirror of https://github.com/willnorris/imageproxy.git synced 2025-03-11 02:19:14 -05:00
Code Issues Activity

docker: go back to signing digests

Browse source 
apparently cosign doesn't like signing tags :)

WARNING: Image reference ghcr.io/willnorris/imageproxy:main uses a tag,
not a digest, to identify the image to sign.

This can lead you to sign a different image than the intended one.
Please use a digest (example.com/ubuntu@sha256:abc123...) rather than
tag (example.com/ubuntu:latest) for the input to cosign. The ability to
refer to images by tag will be removed in a future release.
This commit is contained in:
Will Norris 2022-12-06 08:58:50 -08:00
parent 631d363749
commit 93dcedd516
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.github/workflows/docker.yml vendored
View file

@ -58,6 +58,5 @@ jobs:
- name: Sign the published Docker image
if: github.event_name == 'push'
env:
TAGS: ${{ steps.meta.outputs.tags }}
COSIGN_EXPERIMENTAL: "true"
run: cosign sign ${TAGS}
run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}