WIP: enable signing with cosign

Signed-off-by: Jason Hall <jason@chainguard.dev>
2026-01-20 17:48:55 +08:00 · 2023-11-09 13:14:40 -05:00 · 2023-11-09 13:14:40 -05:00 · 898ec8408f
commit 898ec8408f
parent fdf7f43ecf
6 changed files with 98 additions and 3 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -28,6 +28,51 @@ env:
  BUILDKIT_IMAGE: moby/buildkit:buildx-stable-1

 jobs:
+  minimal-sign:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+        with:
+          path: action
+
+      -
+        name: Set up Cosign
+        uses: sigstore/cosign-installer@v3.2.0
+
+      -
+        name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: ${{ inputs.buildx-version || env.BUILDX_VERSION }}
+          driver-opts: |
+            network=host
+            image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }}
+
+      -
+        name: Build and push
+        id: docker_build
+        uses: ./action
+        with:
+          file: ./test/Dockerfile
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64
+          push: true
+          sign: true
+          tags: |
+            localhost:5000/name/app:latest
+            localhost:5000/name/app:1.0.0
+
  minimal:
    runs-on: ubuntu-latest
    steps:
@ -36,6 +81,7 @@ jobs:
        uses: actions/checkout@v4
        with:
          path: action
+
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3