Confirm prompt cosign
marcofranssen committed Dec 11, 2023
1 parent 778859e commit a701ced
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/ci.yaml
@@ -174,7 +174,7 @@ jobs:
for t in ${TAGS}; do
cosign verify --key cosign.pub ${{ matrix.repo }}:${t}
syft ${{ matrix.repo }}:${t} -o spdx-json > sbom-spdx.json
cosign attest --predicate sbom-spdx.json --type spdx --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}:${t}
cosign attest --predicate sbom-spdx.json --type spdx --yes --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}:${t}
cosign verify-attestation -o verified-sbom-spdx.json --key cosign.pub ${{ matrix.repo }}:${t}
done
@@ -207,7 +207,7 @@ jobs:

- name: Sign provenance
run: |
cosign sign-blob --key env://COSIGN_PRIVATE_KEY --output-signature "${SIGNATURE}" provenance.att
cosign sign-blob --yes --key env://COSIGN_PRIVATE_KEY --output-signature "${SIGNATURE}" provenance.att
cat "${SIGNATURE}"
curl_args=(-s -H "Authorization: token ${GITHUB_TOKEN}")
@@ -262,7 +262,7 @@ jobs:
- name: Attach provenance to image
run: |
cosign attest --predicate provenance-predicate.att --type slsaprovenance --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}@${{ needs.release.outputs.container_digest }}
cosign attest --predicate provenance-predicate.att --type slsaprovenance --yes --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}@${{ needs.release.outputs.container_digest }}
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
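Review bot: The SBOM attestation in the first hunk is still attached to the mutable reference `${{ matrix.repo }}:${t}`, and with `--yes` the step now completes without any confirmation of what is being signed; the provenance step in the third hunk already pins `@${{ needs.release.outputs.container_digest }}`. A tag can be re-pointed between the `cosign verify`, `syft` and `cosign attest` calls, so the SBOM could be generated from one image and attested on another; resolving the digest once per tag and using `${{ matrix.repo }}@${digest}` for every command in the loop would close that gap. `--yes` also accepts any transparency-log upload prompt cosign would have shown, so whether these attestations and the blob signature should be published to a public log ought to be decided and stated explicitly (for example with `--tlog-upload`, kept consistent with how the `cosign verify*` steps check the log) rather than inherited from the default. The cosign version installed by the workflow is not visible here, and the loop and job definitions extend beyond the shown hunks.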