mirror of
https://github.com/Sebclem/hassio-nextcloud-backup.git
synced 2024-11-25 10:32:58 +01:00
CI: Verify base image signature before build
This commit is contained in:
parent
219dc004da
commit
c884226819
5
.github/workflows/build_addon.yml
vendored
5
.github/workflows/build_addon.yml
vendored
@ -13,6 +13,8 @@ env:
|
|||||||
IMAGE: "hassio-nextcloud-backup"
|
IMAGE: "hassio-nextcloud-backup"
|
||||||
REPOSITORY: ghcr.io/sebclem
|
REPOSITORY: ghcr.io/sebclem
|
||||||
IMAGE_SOURCE: https://github.com/Sebclem/hassio-nextcloud-backup
|
IMAGE_SOURCE: https://github.com/Sebclem/hassio-nextcloud-backup
|
||||||
|
BASE_ISSUER: https://token.actions.githubusercontent.com
|
||||||
|
BASE_IDENTITY: https://github.com/home-assistant/docker-base/.*
|
||||||
|
|
||||||
permissions: write-all
|
permissions: write-all
|
||||||
|
|
||||||
@ -120,6 +122,9 @@ jobs:
|
|||||||
echo "url=$(yq .url nextcloud_backup/config.yml)" >> $GITHUB_OUTPUT
|
echo "url=$(yq .url nextcloud_backup/config.yml)" >> $GITHUB_OUTPUT
|
||||||
echo "build_from=ghcr.io/home-assistant/${{ matrix.arch }}-base:$(cat nextcloud_backup/.base_version)" >> $GITHUB_OUTPUT
|
echo "build_from=ghcr.io/home-assistant/${{ matrix.arch }}-base:$(cat nextcloud_backup/.base_version)" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
|
- name: Check base image signature
|
||||||
|
run: cosign verify --certificate-oidc-issuer-regexp "${{ env.BASE_ISSUER }}" --certificate-identity-regexp "${{ env.BASE_IDENTITY }}" "${{ steps.build_param.outputs['build_from'] }}"
|
||||||
|
|
||||||
- name: Docker meta
|
- name: Docker meta
|
||||||
id: meta
|
id: meta
|
||||||
uses: docker/metadata-action@v5
|
uses: docker/metadata-action@v5
|
||||||
|
Loading…
Reference in New Issue
Block a user