Skip to content

Latest commit

 

History

History
147 lines (103 loc) · 11 KB

File metadata and controls

147 lines (103 loc) · 11 KB

Icon GitHub Action: Docker - Sign images

Docker - Sign images

Marketplace Release License Stars PRs Welcome GitHub Verified Creator

Overview

Action to sign OCI images. It is based on cosign. It signs the images with the GitHub Actions OIDC token. If the provided image does not have a digest, it will retrieve the digest using docker buildx imagetools inspect.

Permissions

If default GitHub token is used, the following permissions are required:

permissions:
  id-token: write

Usage

- uses: hoverkraft-tech/ci-github-container/actions/docker/sign-images@cfc7074e26bbfbdf33f163d209d2c14957358152 # 0.38.0
  with:
    # Images to sign.
    # Can be a single image or a list of images separated by commas or newlines or spaces.
    # The images should be in the format `registry/name:tag@digest`.
    # It can also be a list of images in JSON format.
    # Example:
    #
    # ```json
    # [
    # "ghcr.io/my-org/my-repo/application:pr-63-5222075@sha256:d31aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f49d",
    # "ghcr.io/my-org/my-repo/application:pr-63@sha256:0f5aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f402"
    # ]
    # ```
    #
    # If the image does not have a digest, it will retrieve the digest using `docker buildx imagetools inspect`.
    #
    # This input is required.
    images: ""

    # GitHub Token to sign the image.
    # Permissions:
    # - `id-token`: `write`
    #
    # Default: `${{ github.token }}`
    github-token: ${{ github.token }}

Inputs

Input Description Required Default
images Images to sign. true -
Can be a single image or a list of images separated by commas or newlines or spaces.
The images should be in the format registry/name:tag@digest.
It can also be a list of images in JSON format.
Example:
[
 "ghcr.io/my-org/my-repo/application:pr-63-5222075@sha256:d31aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f49d",
 "ghcr.io/my-org/my-repo/application:pr-63@sha256:0f5aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f402"
]
If the image does not have a digest, it will retrieve the digest using docker buildx imagetools inspect.
github-token GitHub Token to sign the image. false ${{ github.token }}
Permissions:
- id-token: write

Contributing

Contributions are welcome! Please see the contributing guidelines for more details.

License

This project is licensed under the MIT License.

SPDX-License-Identifier: MIT

Copyright © 2026 hoverkraft

For more details, see the license.


This documentation was automatically generated by CI Dokumentor.