
2 commits

Author SHA1 Message Date
88a703eda9
Merge e8c53777c1 into 83be5fb151 2025-04-23 14:01:31 +00:00
Alexis Métaireau
e8c53777c1
CI: Add an option to attach container signatures to the registry
The `build-push-image.yml` reusable workflow can generate keypairs and
sign the container images with them.

This is only used by the CI, to test that a valid signature is actually
detected as such.
2025-04-23 16:01:22 +02:00


@ -54,6 +54,7 @@ jobs:
debian_archive_date: ${{ steps.params.outputs.debian_archive_date }}
source_date_epoch: ${{ steps.params.outputs.source_date_epoch }}
image: ${{ steps.params.outputs.full_image_name }}
tag: ${{ steps.params.outputs.tag }}
steps:
- uses: actions/checkout@v4
with:
@ -284,4 +285,4 @@ jobs:
enableCrossOsArchive: true
- name: Sign container
run: |-
cosign sign --key dangerzone-test.key ${{ inputs.registry }}/${{ inputs.registry_user }}/${{ inputs.image_name }}:${{ needs.merge.outputs.tag }}@sha256:${{ needs.merge.outputs.digest_root }}
cosign sign --key ${{ inputs.key_name }}.key ${{ inputs.registry }}/${{ inputs.image_name }}:${{ needs.merge.outputs.tag }}@${{ needs.merge.outputs.digest_root }}
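Review bot: The `cosign sign` line that takes its key from `inputs.key_name` expands `inputs.key_name`, `inputs.registry` and `inputs.image_name` directly inside the `run:` script, so a caller-supplied value containing shell metacharacters is interpreted by the shell before cosign ever sees it. Since this is a reusable workflow, those inputs should be handed to the step through `env:` and referenced as quoted shell variables, which keeps them as data; the sketch below shows the shape. That line also no longer has the literal `sha256:` in front of `needs.merge.outputs.digest_root`, so it presumably relies on the output already carrying the algorithm prefix, and a short comment saying so would prevent an invalid image reference later. The rest of the job lies outside the hunk, so how the key file is created and cleaned up cannot be checked from here.

```yaml
      - name: Sign container
        env:
          KEY_NAME: ${{ inputs.key_name }}
          REGISTRY: ${{ inputs.registry }}
          IMAGE_NAME: ${{ inputs.image_name }}
          TAG: ${{ needs.merge.outputs.tag }}
          # digest_root is expected to include the "sha256:" prefix
          DIGEST: ${{ needs.merge.outputs.digest_root }}
        run: |-
          cosign sign --key "${KEY_NAME}.key" "${REGISTRY}/${IMAGE_NAME}:${TAG}@${DIGEST}"
```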