From 695cbe518a3c44662f91ccda0892174f6a4a018a Mon Sep 17 00:00:00 2001
From: Noel Miller
Date: Sun, 3 Mar 2024 11:39:58 -0600
Subject: [PATCH] feat: Updated build.yml to include container signing section
---
 .github/workflows/build.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fdd54f0..96547dc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -20,7 +20,7 @@ env:
 MY_IMAGE_NAME: "custom-silverblue" # the name of the image produced by this build
 ARG_SOURCE_IMAGE: "silverblue" # see Containerfile for list of possible upstream images
 ARG_SOURCE_SUFFIX: "main" # see Containerfile
- ARG_FEDORA_VERSION: "38" # see Containerfile
+ ARG_FEDORA_VERSION: "39" # see Containerfile
 ARG_NVIDIA_VERSION: "" # see Containerfile
 IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}" # do not edit
@@ -156,3 +156,22 @@ jobs:
 password: ${{ env.REGISTRY_PASSWORD }}
 extra-args: |
 --disable-content-trust
+
+ # This section is optional and only needs to be enabled in you plan on distributing
+ # your project to others to consume. You will need to create a public and private key
+ # using Cosign and save the private key as a repository secret in Github for this workflow
+ # to consume. For more details, review the image signing section of the README.
+
+ # Sign container
+
+ #- uses: sigstore/cosign-installer@v3.4.0
+ # if: github.event_name != 'pull_request'
+
+ #- name: Sign container image
+ # if: github.event_name != 'pull_request'
+ # run: |
+ # cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
+ # env:
+ # TAGS: ${{ steps.push.outputs.digest }}
+ # COSIGN_EXPERIMENTAL: false
+ # COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
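Review bot: The commented-out "Sign container image" step expands `${{ steps.registry_case.outputs.lowercase }}` and `${{ steps.build_image.outputs.image }}` directly inside the `run:` script, in the same step that holds `COSIGN_PRIVATE_KEY`. Expressions are substituted into the script text before the shell parses it, so anyone who uncomments this inherits an injection-prone pattern, even if these two outputs (defined outside the hunk) are presumably benign today. Pass the image reference through `env:` as the digest already is, e.g. `IMAGE: ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}`, and sign with `cosign sign -y --key env://COSIGN_PRIVATE_KEY "${IMAGE}@${TAGS}"`. The installer is referenced by a mutable tag in the job that later receives the signing key, so pinning it to a full commit SHA (`sigstore/cosign-installer@<full-commit-sha> # v3.4.0`) would be safer. `TAGS` actually carries `steps.push.outputs.digest`, so a name such as `DIGEST` would read more accurately; signing by digest rather than by tag is the right choice and worth stating in the comment block.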