Sign docker image

This commit is contained in:
SebClem 2024-09-10 16:56:26 +02:00
parent d25caa17bf
commit 2471dff3a8
Signed by: sebclem
GPG Key ID: 5A4308F6A359EA50

View File

@ -101,6 +101,9 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Install Cosign
uses: sigstore/cosign-installer@v3.6.0
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
@ -148,6 +151,7 @@ jobs:
- name: Build and push ${{matrix.arch}} - name: Build and push ${{matrix.arch}}
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
id: build-and-push
with: with:
push: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.event_name == 'release') }} push: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.event_name == 'release') }}
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
@ -162,6 +166,18 @@ jobs:
context: ./${{env.TARGET}}/ context: ./${{env.TARGET}}/
platforms: ${{ matrix.arch_value }} platforms: ${{ matrix.arch_value }}
- name: Sign the images with GitHub OIDC Token
if: ${{ github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.event_name == 'release') }}
env:
DIGEST: ${{ steps.build-and-push.outputs.digest }}
TAGS: ${{ steps.meta.outputs.tags }}
run: |
images=""
for tag in ${TAGS}; do
images+="${tag}@${DIGEST} "
done
cosign sign --yes ${images}
update_main_ha_repository: update_main_ha_repository:
name: Update HA addon repository name: Update HA addon repository
runs-on: ubuntu-latest runs-on: ubuntu-latest