From a62185299df955dd95bc827a542ddeb552beced9 Mon Sep 17 00:00:00 2001 From: Kornilios Kourtis Date: Tue, 31 Oct 2023 15:18:48 +0100 Subject: [PATCH] gh: use cosign sign -y Signed-off-by: Kornilios Kourtis --- .github/workflows/build-clang-image.yaml | 4 ++-- .github/workflows/build-images-ci.yml | 8 ++++---- .github/workflows/build-images-releases.yml | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/build-clang-image.yaml b/.github/workflows/build-clang-image.yaml index 9c8a511ca20..b1521b84a0d 100644 --- a/.github/workflows/build-clang-image.yaml +++ b/.github/workflows/build-clang-image.yaml @@ -80,7 +80,7 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/clang@${{ steps.docker_build_release.outputs.digest }} - name: Install Bom if: github.event_name == 'push' @@ -112,7 +112,7 @@ jobs: docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/clang:${docker_build_release_digest/:/-}.sbom" docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/clang@${docker_build_release_sbom_digest}" - name: Image Release Digest if: github.event_name == 'push' diff --git a/.github/workflows/build-images-ci.yml b/.github/workflows/build-images-ci.yml index ec574bb098d..7ada528995b 100644 --- a/.github/workflows/build-images-ci.yml +++ b/.github/workflows/build-images-ci.yml @@ -110,7 +110,7 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_main.outputs.digest }} - name: Generate SBOM if: github.event_name == 'push' @@ -134,7 +134,7 @@ jobs: docker_build_ci_main_digest="${{ steps.docker_build_ci_main.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_main_digest/:/-}.sbom" docker_build_ci_main_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_main_sbom_digest}" - name: CI Image Releases digests (main) if: github.event_name == 'push' @@ -164,7 +164,7 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_ci_pr.outputs.digest }} - name: Generate SBOM if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' @@ -188,7 +188,7 @@ jobs: docker_build_ci_pr_digest="${{ steps.docker_build_ci_pr.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_ci_pr_digest/:/-}.sbom" docker_build_ci_pr_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_ci_pr_sbom_digest}" - name: CI Image Releases digests (PR) if: github.event_name == 'pull_request_target' || github.event_name == 'pull_request' diff --git a/.github/workflows/build-images-releases.yml b/.github/workflows/build-images-releases.yml index bfe9689bf7a..dd6f325fd13 100644 --- a/.github/workflows/build-images-releases.yml +++ b/.github/workflows/build-images-releases.yml @@ -84,8 +84,8 @@ jobs: env: COSIGN_EXPERIMENTAL: "true" run: | - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }} - cosign sign quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${{ steps.docker_build_release.outputs.digest }} + cosign sign -y quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${{ steps.docker_build_release.outputs.digest }} - name: Install Bom if: ${{ startsWith(steps.tag.outputs.tag, 'v') }} @@ -118,11 +118,11 @@ jobs: docker_build_release_digest="${{ steps.docker_build_release.outputs.digest }}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${docker_build_release_digest/:/-}.sbom" docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}@${docker_build_release_sbom_digest}" image_name="quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci:${docker_build_release_digest/:/-}.sbom" docker_build_release_sbom_digest="sha256:$(docker buildx imagetools inspect --raw ${image_name} | sha256sum | head -c 64)" - cosign sign "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}" + cosign sign -y "quay.io/${{ github.repository_owner }}/${{ matrix.name }}-ci@${docker_build_release_sbom_digest}" - name: Image Release Digest shell: bash