From b127878ab6b7b4566571d9d1a04b0dee2b5879f7 Mon Sep 17 00:00:00 2001 From: Daniel Salazar Date: Fri, 26 Jul 2024 19:01:26 -0500 Subject: [PATCH] refac(back): #1351 adapt cosign - Adapt cosign command to avoid storing sensitive data in disk Signed-off-by: Daniel Salazar --- src/args/deploy-container/entrypoint.sh | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/args/deploy-container/entrypoint.sh b/src/args/deploy-container/entrypoint.sh index c58c34d3..036127c7 100644 --- a/src/args/deploy-container/entrypoint.sh +++ b/src/args/deploy-container/entrypoint.sh @@ -7,8 +7,7 @@ function deploy { local credentials_user="${4}" local tag="${5}" - : \ - && info Syncing container image: "${tag}" \ + : && info Syncing container image: "${tag}" \ && command=( skopeo --insecure-policy @@ -39,13 +38,14 @@ function sign { local tag="${5}" if [ "${sign}" = "1" ]; then - : \ - && info "Signing container image: ${tag}" \ - && cosign login "${registry}" -u "${credentials_user}" -p "${credentials_token}" \ - && cosign sign -y "${tag}" + : && info "Signing container image: ${tag}" \ + && cosign sign \ + --yes=true \ + --registry-username="${credentials_user}" \ + --registry-password="${credentials_token}" \ + "${tag}" else - : \ - && info "Skipping signing container ${tag}" + : && info "Skipping signing container ${tag}" fi } @@ -58,10 +58,7 @@ function main { local sign="__argSign__" local tag="__argTag__" - export COSIGN_EXPERIMENTAL="1" - - : \ - && deploy \ + : && deploy \ "${attempts}" \ "${container_image}" \ "${credentials_token}" \