Commit

feat(ci): Verify base/Chainguard image(s) with cosign before building (
EyeCantCU authored Dec 24, 2023
1 parent e48a816 commit b0703f9
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions .github/workflows/build.yml
Expand Up @@ -40,13 +40,27 @@ jobs:
is_stable_version: true
is_gts_version: false
steps:
- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6

# Checkout push-to-registry action GitHub repository
- name: Checkout Push to Registry action
uses: actions/checkout@v4

- name: Verify base image
uses: EyeCantCU/cosign-action/verify@v0.2.1
with:
containers: silverblue-${{ matrix.image_flavor }}:${{ matrix.major_version }}

- name: Verify Chainguard images
if: matrix.base_name != 'bluefin'
uses: EyeCantCU/cosign-action/verify@v0.2.1
with:
containers: flux, helm, ko, minio, kubectl
cert-identity: https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main
oidc-issuer: https://token.actions.githubusercontent.com
registry: cgr.dev/chainguard

- name: Maximize build space
uses: ublue-os/remove-unwanted-software@v6

- name: Check just syntax
uses: ublue-os/just-action@v1
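
Review bot: Both new verify steps check images by mutable reference (`silverblue-${{ matrix.image_flavor }}:${{ matrix.major_version }}` by tag, and `flux, helm, ko, minio, kubectl` with no tag or digest), and nothing in this hunk passes a verified digest on to the later build, so the image the build pulls can differ from the one whose signature was checked. Consider resolving each reference to a digest, verifying that digest, and building from the same digest. The "Verify base image" step also sets no `cert-identity`, `oidc-issuer` or `registry`, so the expected signer is left to the action's defaults; stating the key or identity in the workflow, as the Chainguard step does, would make it reviewable here. Since `EyeCantCU/cosign-action/verify@v0.2.1` is now the gate for the build, pinning it to a full commit SHA instead of a tag would keep a moved tag from changing what the check does.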


0 comments on commit b0703f9
