mirror of
https://github.com/Sebclem/hassio-nextcloud-backup.git
synced 2024-11-13 21:12:59 +01:00
CI: Verify base image signature before build
parent
219dc004da
commit
c884226819
5
.github/workflows/build_addon.yml
vendored
5
.github/workflows/build_addon.yml
vendored
@ -13,6 +13,8 @@ env:
|
||||
IMAGE: "hassio-nextcloud-backup"
|
||||
REPOSITORY: ghcr.io/sebclem
|
||||
IMAGE_SOURCE: https://github.com/Sebclem/hassio-nextcloud-backup
|
||||
BASE_ISSUER: https://token.actions.githubusercontent.com
|
||||
BASE_IDENTITY: https://github.com/home-assistant/docker-base/.*
|
||||
|
||||
permissions: write-all
|
||||
|
||||
@ -120,6 +122,9 @@ jobs:
|
||||
echo "url=$(yq .url nextcloud_backup/config.yml)" >> $GITHUB_OUTPUT
|
||||
echo "build_from=ghcr.io/home-assistant/${{ matrix.arch }}-base:$(cat nextcloud_backup/.base_version)" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Check base image signature
|
||||
run: cosign verify --certificate-oidc-issuer-regexp "${{ env.BASE_ISSUER }}" --certificate-identity-regexp "${{ env.BASE_IDENTITY }}" "${{ steps.build_param.outputs['build_from'] }}"
|
||||
|
||||
- name: Docker meta
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
|
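Review bot: The two patterns added under `env:` are passed to cosign's `--certificate-oidc-issuer-regexp` and `--certificate-identity-regexp` flags in the new "Check base image signature" step. Those flags take Go regular expressions that are, as far as I know, matched unanchored, so `https://github.com/home-assistant/docker-base/.*` accepts any certificate identity that merely contains that text, and each unescaped `.` matches any character. Anchor and escape the identity, `BASE_IDENTITY: '^https://github\.com/home-assistant/docker-base/'`, and since the issuer is a fixed URL use the exact-match flag, `--certificate-oidc-issuer "${{ env.BASE_ISSUER }}"`. The step also verifies `build_from` by tag; if the later build step (outside this section) pulls the same tag again, the image could change between the check and the build, so building from the digest that cosign verified would close that gap.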