fix: added image signing (#29) - DOC-965

caroldelwing · web-flow · commit 73dbde55160f · 2024-01-08T15:17:47.000-03:00
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -62,6 +62,7 @@ jobs:
     - name: Build and push
       if: ${{ steps.dependencies.outputs.VERSION != ''}}
       uses: docker/build-push-action@v2
+      id: build-and-push
       with:
         context: .
         build-args: |
@@ -74,7 +75,23 @@ jobs:
         platforms: linux/amd64,linux/arm64
         push: true
         tags: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}
-          
+    
+    - uses: sigstore/cosign-installer@v3.3.0
+
+    - name: Image Signing
+        run: |
+          cosign sign --yes \
+          -a "repo=${{ github.repository }}" \
+          -a "workflow=${{ github.workflow }}" \
+          -a "ref=${{ github.sha }}" \
+          -a "owner=Spectro Cloud" \
+          --key env://COSIGN_PRIVATE_KEY --recursive "${TAGS}@${DIGEST}"
+        env:
+          TAGS: ghcr.io/${{ github.repository }}:${{steps.dependencies.outputs.VERSION}}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+
 
   release:
     name: "Release"
