fix: Sign images with all tags in a loop

chore: Added cosign.pub
shubms · Dec 8, 2024 · 5f879d1 · 5f879d1
1 parent 6618a16
commit 5f879d1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -82,8 +82,15 @@ jobs:
             c86c21ea-98cf-4ca9-b730-b2400146a3a5 > COSIGN_PASSWORD
 
       - name: Sign the container image
+        env:
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-push.outputs.digest }}
         run: |
-          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.image }}@${{ steps.build-push.outputs.digest }} ${{ steps.meta.outputs.tags }}
+          images=""
+          for tag in ${TAGS}; do
+            images+="${tag}@${DIGEST} "
+          done
+          cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${images}
 
       - name: Cleanup old images
         uses: actions/delete-package-versions@v5

diff --git a/cosign.pub b/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELZQY2cPsUJ0+GXC/u9GJfKiZ8sNZ
+8idmUGhvnsTm5DjO3HFXueefNZuDZ163kujPfGkFuQ+kR1/KXYVXEhn9kA==
+-----END PUBLIC KEY-----