Merge 11ff9f0f46 into 83be5fb151

CI: Add an option to attach container signatures to the registry
The `build-push-image.yml` reusable workflow can generate keypairs and sign the container images with them. This is only used by the CI, to test that a valid signature is actually detected as such.
2025-05-02 11:42:23 +02:00 · 2025-04-23 13:28:55 +00:00 · 2025-04-23 15:28:48 +02:00
1 changed files with 1 additions and 2 deletions
--- a/.github/workflows/build-push-image.yml
+++ b/.github/workflows/build-push-image.yml
@ -54,7 +54,6 @@ jobs:
      debian_archive_date: ${{ steps.params.outputs.debian_archive_date }}
      source_date_epoch: ${{ steps.params.outputs.source_date_epoch }}
      image: ${{ steps.params.outputs.full_image_name }}
      tag: ${{ steps.params.outputs.tag }}
    steps:
      - uses: actions/checkout@v4
        with:
@ -285,4 +284,4 @@ jobs:
          enableCrossOsArchive: true
      - name: Sign container
        run: |-
-          cosign sign --key ${{ inputs.key_name }}.key ${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.merge.outputs.tag }}@${{ needs.merge.outputs.digest_root }}
+          cosign sign --key dangerzone-test.key ${{ inputs.registry }}/${{ inputs.registry_user }}/${{ inputs.image_name }}:${{ needs.merge.outputs.tag }}@sha256:${{ needs.merge.outputs.digest_root }}
Author	SHA1	Message	Date
Alexis Métaireau	f2c25fa1f3	Merge `11ff9f0f46` into `83be5fb151`	2025-04-23 13:28:55 +00:00
Alexis Métaireau	11ff9f0f46	CI: Add an option to attach container signatures to the registry The `build-push-image.yml` reusable workflow can generate keypairs and sign the container images with them. This is only used by the CI, to test that a valid signature is actually detected as such.	2025-04-23 15:28:48 +02:00