init
Some checks failed
build, sign and push / build-and-sign (push) Failing after 20s

2026-03-26 19:12:56 +07:00
parent 60cb08b767
commit a20ea58879
3 changed files with 23 additions and 19 deletions


@@ -9,22 +9,27 @@ env:
REGISTRY: git.realmanual.ru REGISTRY: git.realmanual.ru
IMAGE: git.realmanual.ru/${{ gitea.repository }} IMAGE: git.realmanual.ru/${{ gitea.repository }}
permissions:
contents: read
packages: write
jobs: jobs:
build-and-sign: build-and-sign:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions: container: catthehacker/ubuntu:act-latest
contents: read
packages: write
steps: steps:
- name: checkout - uses: actions/checkout@v4
uses: actions/checkout@v4 with:
# --- build --- fetch-depth: 1
- name: set up docker buildx - name: Install Cosign
uses: docker/setup-buildx-action@v3 uses: sigstore/cosign-installer@v4.1.0
- name: Set up QEMU
uses: docker/setup-qemu-action@v3.6.0
- name: Read Version - name: Read Version
id: version id: version
run: echo "VERSION=$(cat image/VERSION)" >> $GITHUB_OUTPUT run: echo "VERSION=$(cat backend/VERSION)" >> $GITHUB_OUTPUT
- name: login to registry - name: login to registry
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
@@ -34,7 +39,7 @@ jobs:
- name: build and push - name: build and push
id: build id: build
uses: docker/build-push-action@v5 uses: docker/build-push-action@v6
with: with:
context: ./image context: ./image
push: true push: true
@@ -45,12 +50,6 @@ jobs:
# digest понадобится для подписи — по тегу подписывать нельзя # digest понадобится для подписи — по тегу подписывать нельзя
outputs: type=image,push=true outputs: type=image,push=true
# --- sign ---
# cosign надо ставить отдельно — в ubuntu-latest его нет
- name: install cosign
uses: sigstore/cosign-installer@v3
with:
cosign-release: 'v3.0.5'
- name: sign image - name: sign image
env: env:
@@ -69,5 +68,5 @@ jobs:
IMAGE_DIGEST: ${{ steps.build.outputs.digest }} IMAGE_DIGEST: ${{ steps.build.outputs.digest }}
run: | run: |
cosign verify \ cosign verify \
--key cosign.pub \ --key keys/cosign.pub \
${{ env.IMAGE }}@${IMAGE_DIGEST} ${{ env.IMAGE }}@${IMAGE_DIGEST}
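Review bot: The new `container: catthehacker/ubuntu:act-latest` line in the first hunk runs the whole build-and-sign job, including the registry login and the cosign signing step, inside a third-party image referenced by a mutable tag, so whatever that tag resolves to at run time sees the registry credentials and any secrets the sign step uses. Pin the image by digest, e.g. `container: catthehacker/ubuntu:act-latest@sha256:<digest-you-verified>`. The actions this commit adds or bumps by tag (`sigstore/cosign-installer@v4.1.0`, `docker/setup-qemu-action@v3.6.0`, `docker/build-push-action@v6`) would benefit from being pinned to full commit SHAs for the same reason. Separately, the same hunk now reads the version from `backend/VERSION` while the build context in the next hunk is still `./image`; if that path does not exist, `cat` fails inside the command substitution but the step still succeeds with an empty `VERSION`, so it is worth checking the path and failing explicitly when the file is missing.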

3
.gitignore vendored

@@ -1 +1,2 @@
keys/* keys/cosign.key
keys/.env
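Review bot: Replacing the blanket `keys/*` rule with two exact file names means anything else that lands in `keys/` is no longer ignored and can be committed by accident, for example a private key generated under a different name, or a backup or editor swap copy of `cosign.key`. Keeping the deny-by-default rule and allow-listing only the public key is safer: `keys/*` followed by `!keys/cosign.pub`. The page does not show whether `keys/cosign.key` or `keys/.env` were ever tracked; if they were, an ignore rule does not remove them from history and the key should be rotated.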

4
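--- a/keys/cosign.pub
+++ b/keys/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZZ/9MbR3WZg9K/pk936vukFjeWVt
+2oMpW4OmElpIq1aH3jZIA03Hwm7FVdhyumb1vPu5k0DOV8RX4UIs6rkhzA==
+-----END PUBLIC KEY-----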