sebclem/hassio-nextcloud-backup
1
0
Fork 0
mirror of https://github.com/Sebclem/hassio-nextcloud-backup.git synced 2024-11-12 20:42:58 +01:00
Code Issues Projects Releases Wiki Activity

CI: Verify base image signature before build

Browse Source
This commit is contained in:
SebClem 2024-09-12 09:39:13 +02:00
parent 219dc004da
commit c884226819
Signed by: sebclem
GPG Key ID: 5A4308F6A359EA50
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/build_addon.yml vendored
View File

@ -13,6 +13,8 @@ env:
IMAGE: "hassio-nextcloud-backup"
REPOSITORY: ghcr.io/sebclem
IMAGE_SOURCE: https://github.com/Sebclem/hassio-nextcloud-backup
BASE_ISSUER: https://token.actions.githubusercontent.com
BASE_IDENTITY: https://github.com/home-assistant/docker-base/.*
permissions: write-all
@ -120,6 +122,9 @@ jobs:
echo "url=$(yq .url nextcloud_backup/config.yml)" >> $GITHUB_OUTPUT
echo "build_from=ghcr.io/home-assistant/${{ matrix.arch }}-base:$(cat nextcloud_backup/.base_version)" >> $GITHUB_OUTPUT
- name: Check base image signature
run: cosign verify --certificate-oidc-issuer-regexp "${{ env.BASE_ISSUER }}" --certificate-identity-regexp "${{ env.BASE_IDENTITY }}" "${{ steps.build_param.outputs['build_from'] }}"
- name: Docker meta
id: meta
uses: docker/metadata-action@v5