From a701cedd6b7ebc932cca034bebd772eb6b847fd7 Mon Sep 17 00:00:00 2001
From: Marco Franssen
Date: Mon, 11 Dec 2023 10:51:30 +0100
Subject: [PATCH] Confirm prompt cosign
---
 .github/workflows/ci.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f83dd5fd..7b562fc1 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -174,7 +174,7 @@ jobs:
 for t in ${TAGS}; do
 cosign verify --key cosign.pub ${{ matrix.repo }}:${t}
 syft ${{ matrix.repo }}:${t} -o spdx-json > sbom-spdx.json
- cosign attest --predicate sbom-spdx.json --type spdx --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}:${t}
+ cosign attest --predicate sbom-spdx.json --type spdx --yes --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}:${t}
 cosign verify-attestation -o verified-sbom-spdx.json --key cosign.pub ${{ matrix.repo }}:${t}
 done
@@ -207,7 +207,7 @@ jobs:
 - name: Sign provenance
 run: |
- cosign sign-blob --key env://COSIGN_PRIVATE_KEY --output-signature "${SIGNATURE}" provenance.att
+ cosign sign-blob --yes --key env://COSIGN_PRIVATE_KEY --output-signature "${SIGNATURE}" provenance.att
 cat "${SIGNATURE}"
 curl_args=(-s -H "Authorization: token ${GITHUB_TOKEN}")
@@ -262,7 +262,7 @@ jobs:
 - name: Attach provenance to image
 run: |
- cosign attest --predicate provenance-predicate.att --type slsaprovenance --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}@${{ needs.release.outputs.container_digest }}
+ cosign attest --predicate provenance-predicate.att --type slsaprovenance --yes --key env://COSIGN_PRIVATE_KEY ${{ matrix.repo }}@${{ needs.release.outputs.container_digest }}
 env:
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
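Review bot: The rewritten `cosign attest` line in the SBOM loop still addresses the image by tag (`${{ matrix.repo }}:${t}`), as do the `cosign verify` and `syft` lines around it, so each command acts on whatever digest the tag resolves to at that moment. Tags are mutable; if one is re-pointed between those calls, the attestation can end up bound to an image other than the one that was verified and scanned. The provenance step in the third hunk already uses `@${{ needs.release.outputs.container_digest }}`; resolving the digest once and using `${{ matrix.repo }}@<digest>` for verify, syft and attest here would close that window. The loop starts above the hunk, so whether a digest is already available in this job is not visible.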
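Review bot: The `Sign provenance` step prints the new signature with `cat "${SIGNATURE}"` and goes straight on to the `curl` setup without checking it, whereas the SBOM loop in the first hunk verifies immediately after attesting. A `cosign verify-blob --key cosign.pub --signature "${SIGNATURE}" provenance.att` line after the `sign-blob` call would catch a wrong key or password before the signature leaves the runner; this assumes `cosign.pub` is present in this job, which the hunk does not show. The same gap applies to `Attach provenance to image` in the third hunk, whose `run:` block holds only the `cosign attest` call. The step continues below the hunk.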
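Review bot: In `Attach provenance to image`, `${{ matrix.repo }}` and `${{ needs.release.outputs.container_digest }}` are expanded into the script text before the shell parses it, in a step whose environment holds `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD`. If either value can ever be influenced from outside the workflow file, it would be interpreted as shell syntax with the signing key in scope. Passing the reference through the existing `env:` block, e.g. `IMAGE_REF: ${{ matrix.repo }}@${{ needs.release.outputs.container_digest }}`, and ending the command with `"${IMAGE_REF}"` keeps it as data.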