Skip to content

Check Docker Hub images #194

Check Docker Hub images

Check Docker Hub images #194

name: "Check Docker Hub images"
on:
schedule:
- cron: '37 6 * * 3'
permissions: {}
jobs:
dockerhub-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install yq
run: sudo snap install yq
- name: Check main image
run: DOCKER_CONTENT_TRUST=1 docker pull "$(yq e '.kubernetes.deployment.image.repository' helm/values.yaml):v$(yq e '.appVersion' helm/Chart.yaml)"
- name: Check all images
run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/connaisseur -a
- name: Check signed test image
run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/testimage:signed
- name: Check other signed test image
run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/testimage:special_sig
- name: Check unsigned test image
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:unsigned
- name: Check Cosign signed test image
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-signed
- name: Check Cosign unsigned test image
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-unsigned
- name: Check Cosign test image signed with alternative key
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-signed-alt
- name: Check Cosign multisigner test image signed by alice
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-alice
- name: Check Cosign multisigner test image signed by bob
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-bob
- name: Check Cosign multisigner test image signed by charlie
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-charlie
- name: Check Cosign multisigner test image signed by bob and charlie
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-bob-charlie
- name: Check Cosign multisigner test image signed by charlie and alice
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-charlie-alice
- name: Check Cosign multisigner test image signed by alice, bob and charlie
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-alice-bob-charlie
- name: Check Cosign cosigned testimage not in rekor log
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:rekor-cosigned-notl
- name: Check Cosign cosigned testimage in rekor log
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:rekor-cosigned-tl
- name: Check alerting endpoint image
run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/alerting-endpoint