init
Some checks failed
build, sign and push / build-and-sign (push) Failing after 20s

2026-03-26 19:12:56 +07:00
parent 60cb08b767
commit a20ea58879
3 changed files with 23 additions and 19 deletions


@@ -9,22 +9,27 @@ env:
REGISTRY: git.realmanual.ru
IMAGE: git.realmanual.ru/${{ gitea.repository }}
permissions:
contents: read
packages: write
jobs:
build-and-sign:
runs-on: ubuntu-22.04
permissions:
contents: read
packages: write
container: catthehacker/ubuntu:act-latest
steps:
- name: checkout
uses: actions/checkout@v4
# --- build ---
- name: set up docker buildx
uses: docker/setup-buildx-action@v3
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Install Cosign
uses: sigstore/cosign-installer@v4.1.0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.6.0
- name: Read Version
id: version
run: echo "VERSION=$(cat image/VERSION)" >> $GITHUB_OUTPUT
run: echo "VERSION=$(cat backend/VERSION)" >> $GITHUB_OUTPUT
- name: login to registry
uses: docker/login-action@v3
with:
@@ -34,7 +39,7 @@ jobs:
- name: build and push
id: build
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6
with:
context: ./image
push: true
@@ -45,12 +50,6 @@ jobs:
# digest понадобится для подписи — по тегу подписывать нельзя
outputs: type=image,push=true
# --- sign ---
# cosign надо ставить отдельно — в ubuntu-latest его нет
- name: install cosign
uses: sigstore/cosign-installer@v3
with:
cosign-release: 'v3.0.5'
- name: sign image
env:
@@ -69,5 +68,5 @@ jobs:
IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
run: |
cosign verify \
--key cosign.pub \
--key keys/cosign.pub \
${{ env.IMAGE }}@${IMAGE_DIGEST}
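Review bot: Every step in the job that signs the image is referenced by a mutable tag (`sigstore/cosign-installer@v4.1.0`, `docker/setup-qemu-action@v3.6.0`, `docker/build-push-action@v6`) and the job container is `catthehacker/ubuntu:act-latest`, so a retagged action or image would run with `packages: write` and with whatever the sign step's `env:` supplies. Pin each to an immutable reference, for example `uses: sigstore/cosign-installer@<full-commit-sha>  # v4.1.0` and `container: catthehacker/ubuntu@sha256:<digest>`. The removed install step carried `cosign-release: 'v3.0.5'`, and the new one appears to leave the cosign binary version to the installer's default, so consider restoring an explicit `cosign-release`. The version is now read from `backend/VERSION` while `context: ./image` stays as it was, which looks inconsistent unless the two directories are meant to differ. The `+`/`-` markers are lost on this page, so which lines are new (including which of the two `permissions` blocks) is inferred from the duplicated pairs.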

3
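--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-keys/*
+keys/cosign.key
+keys/.env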
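Review bot: Replacing `keys/*` with two named files turns the rule for `keys/` from deny-by-default into allow-by-default, so any other private material placed there (a key generated under a different filename, a backup copy of `cosign.key`) is no longer ignored and can be committed by a plain `git add`. Keeping the wildcard and un-ignoring only the public key preserves the safer default: `keys/*` followed by `!keys/cosign.pub`.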

4
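--- a/keys/cosign.pub
+++ b/keys/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZ/9MbR3WZg9K/pk936vukFjeWVt
+2oMpW4OmElpIq1aH3jZIA03Hwm7FVdhyumb1vPu5k0DOV8RX4UIs6rkhzA==
+-----END PUBLIC KEY-----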