dockerhub-check.yml
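# Scheduled check that the images listed below can still be pulled from
# Docker Hub. Any failing `docker pull` fails its step and therefore the job.
#
# DOCKER_CONTENT_TRUST=1 makes `docker pull` require and verify Docker Content
# Trust (Notary) signature data, so those steps fail when trust data is missing
# or invalid. DOCKER_CONTENT_TRUST=0 pulls without that verification.
# `docker pull` never verifies Cosign signatures, so the Cosign steps only
# confirm that the tag can be pulled, not that it is signed.
name: "Check Docker Hub images"

on:
  schedule:
    # Wednesdays at 06:37 UTC.
    - cron: '37 6 * * 3'

# Grant the GITHUB_TOKEN no scopes: the job only checks out the repository and
# pulls images from a registry.
permissions: {}

jobs:
  dockerhub-check:
    runs-on: ubuntu-latest
    steps:
      # Pinned to a full commit SHA; the trailing comment records the tag.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          # No later step uses git, so do not leave the token in .git/config
          # where subsequently installed tooling could read it.
          persist-credentials: false

      # NOTE(review): installs whichever yq version the snap channel currently
      # serves, as root, with no version or checksum pin. Consider pinning.
      - name: Install yq
        run: sudo snap install yq

      # Image reference is assembled from the Helm chart: repository from
      # helm/values.yaml, tag "v" + appVersion from helm/Chart.yaml.
      - name: Check main image
        run: DOCKER_CONTENT_TRUST=1 docker pull "$(yq e '.kubernetes.deployment.image.repository' helm/values.yaml):v$(yq e '.appVersion' helm/Chart.yaml)"

      # -a pulls every tag in the repository, each with trust verification on.
      - name: Check all images
        run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/connaisseur -a

      # Test images pulled with content trust enforced.
      - name: Check signed test image
        run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/testimage:signed
      - name: Check other signed test image
        run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/testimage:special_sig

      # From here on content trust is explicitly disabled; presumably these
      # tags carry no Notary trust data (unsigned or Cosign-only) - verify.
      - name: Check unsigned test image
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:unsigned
      - name: Check Cosign signed test image
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-signed
      - name: Check Cosign unsigned test image
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-unsigned
      - name: Check Cosign test image signed with alternative key
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-signed-alt
      - name: Check Cosign multisigner test image signed by alice
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-alice
      - name: Check Cosign multisigner test image signed by bob
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-bob
      - name: Check Cosign multisigner test image signed by charlie
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-charlie
      - name: Check Cosign multisigner test image signed by bob and charlie
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-bob-charlie
      - name: Check Cosign multisigner test image signed by charlie and alice
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-charlie-alice
      - name: Check Cosign multisigner test image signed by alice, bob and charlie
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-alice-bob-charlie
      - name: Check Cosign cosigned testimage not in rekor log
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:rekor-cosigned-notl
      - name: Check Cosign cosigned testimage in rekor log
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:rekor-cosigned-tl

      # No tag given, so Docker resolves this to the mutable `latest` tag.
      - name: Check alerting endpoint image
        run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/alerting-endpoint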