File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -186,6 +186,7 @@ jobs:
186186 run : |
187187 # Create the manifest list and push to both registries
188188 docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
189+ $(jq -r '.annotations | to_entries[] | "--annotation \(.key)=\(.value)"' <<<"$DOCKER_METADATA_OUTPUT_JSON")
189190 $(printf '${{ env.CONTAINER_IMAGE }}@sha256:%s ' *) \
190191 $(printf 'ghcr.io/${{ env.CONTAINER_IMAGE }}@sha256:%s ' *)
191192
@@ -203,6 +204,14 @@ jobs:
203204 docker buildx imagetools inspect ghcr.io/${{ env.CONTAINER_IMAGE }}:${{ steps.docker_meta.outputs.version }}
204205 echo "::endgroup::"
205206
207+ - name : Cosign sign images (GitHub OIDC)
208+ run : |
209+ cosign sign --yes \
210+ ${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
211+
212+ cosign sign --yes \
213+ ghcr.io/${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
214+
206215 - name : Attest docker build (DockerHub)
207216 uses : actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
208217 with :
@@ -217,14 +226,6 @@ jobs:
217226 subject-digest : ${{ steps.docker_build.outputs.digest }}
218227 push-to-registry : true
219228
220- - name : Cosign sign images ('^'GitHub OIDC)
221- run : |
222- cosign sign --yes \
223- ${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
224-
225- cosign sign --yes \
226- ghcr.io/${{ env.CONTAINER_IMAGE }}@${{ steps.docker_build.outputs.digest }}
227-
228229 argocd :
229230 if : github.event_name == 'release' || (github.event_name == 'push' && github.ref == 'refs/heads/main')
230231 runs-on : ubuntu-latest
You can’t perform that action at this time.
0 commit comments