ci: added image signing

spectrocloud · Jan 8, 2024 · 4ea9b2b · 4ea9b2b
1 parent 2d1cad4
commit 4ea9b2b
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -123,10 +123,27 @@ jobs:
 
     - name: Build and Push Docker Image
       uses: docker/[email protected]
+      id: build-and-push
       with:
         context: .
         platforms: linux/amd64,linux/arm64
         push: true
         tags: ghcr.io/${{ github.repository }}:${{ needs.tag.outputs.VERSION }}
         build-args: |
-          VERSION=${{ needs.tag.outputs.VERSION }}
+          VERSION=${{ needs.tag.outputs.VERSION }}
+
+    - uses: sigstore/[email protected]
+
+    - name: Image Signing
+      run: |
+        cosign sign --yes \
+        -a "repo=${{ github.repository }}" \
+        -a "workflow=${{ github.workflow }}" \
+        -a "ref=${{ github.sha }}" \
+        -a "owner=Spectro Cloud" \
+        --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}"
+      env:
+        TAGS: ghcr.io/${{ github.repository }}:${{ needs.tag.outputs.VERSION }}
+        COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+        COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+        DIGEST: ${{ steps.build-and-push.outputs.digest }}