From 66aed04f0579fd85b65ed9546517834bb19f659a Mon Sep 17 00:00:00 2001 From: Kesara Rathnayake Date: Thu, 29 Sep 2022 15:27:18 +1300 Subject: [PATCH] chore: Remove cosign stage from Docker publish GHA (#239) --- .github/workflows/docker-publish.yml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 969fe6c4..cfaad9a7 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -31,15 +31,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v2 - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@1e95c1de343b5b0c23352d6417ee3e48d5bcd422 - with: - cosign-release: 'v1.4.0' - - # Workaround: https://github.com/docker/build-push-action/issues/461 - name: Setup Docker buildx uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf @@ -74,16 +65,3 @@ jobs: push: ${{ github.event_name != 'pull_request' }} tags: ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }}, ghcr.io/${{ github.repository }}:latest labels: ${{ steps.meta.outputs.labels }} - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - COSIGN_EXPERIMENTAL: "true" - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: cosign sign ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}