CI: Cache the cosign keypair

2025-04-29 02:12:36 +02:00 · 2025-04-25 18:39:45 +02:00 · 2025-04-25 18:39:45 +02:00 · b579a4d0c5
commit b579a4d0c5
parent 3589a27398
1 changed files with 12 additions and 2 deletions
--- a/.github/workflows/build-push-image.yml
+++ b/.github/workflows/build-push-image.yml
@ -25,7 +25,8 @@ on:
      key_cache:
        required: false
        type: string
-        default: "v1-keypair-${{ github.ref_name }}" # unique for the branch / PR
+        # cosign keys are unique for the ref
+        default: "v1-keypair-${{ github.ref_name }}"
    secrets:
      registry_token:
        required: true
@ -282,7 +283,16 @@ jobs:
          cosign-release: 'v2.5.0'
      - name: Check install
        run: cosign version
-      - name: Generate keypair
+      - name: Cache keypair
+        id: cache-keypair
+        uses: actions/cache@v4
+        with:
+          path: "${{ inputs.key_name }}.*"
+          key: ${{ inputs.key_cache }}
+          enableCrossOsArchive: true
+      - if: ${{ steps.cache-keypair.outputs.cache-hit != 'true' }}
+        continue-on-error: true
+        name: Generate keypair
        run: |-
          cosign generate-key-pair --output-key-prefix="${{ inputs.key_name }}"
      - name: Cache keypair