update cosing version + drone.yml

2025-11-08 17:44:22 +01:00
parent a2b7a158f1
commit 41baec52f0
2 changed files with 22 additions and 17 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -56,22 +56,27 @@ steps:
  # --------------------------------------------------
  # 2️⃣ Sign Image with Cosign (Secret-Key aus Variable)
  # --------------------------------------------------
-  - name: sign-image
+- name: sign-image
-    image: gcr.io/projectsigstore/cosign:v2.4.0
+  image: alpine:3.20
-    entrypoint: ["cosign"]
+  environment:
-    args:
+    COSIGN_KEY:
-      - "sign"
+      from_secret: COSIGN_KEY
-      - "--yes"
+    COSIGN_PASSWORD:
-      - "--key"
+      from_secret: COSIGN_PASSWORD
-      - "env://COSIGN_KEY"
+    IMAGE_DIGEST:
-      - "$IMAGE_DIGEST"
+      from_secret: IMAGE_DIGEST  # Optional – oder aus export-env
-    environment:
+  commands:
-      COSIGN_KEY:
+    - echo "=== 🔏 Installing Cosign v3.0.2 ==="
-        from_secret: COSIGN_KEY
+    - apk add --no-cache curl ca-certificates
-      COSIGN_PASSWORD:
+    - curl -sSL -o /usr/local/bin/cosign https://github.com/sigstore/cosign/releases/download/v3.0.2/cosign-linux-amd64
-        from_secret: COSIGN_PASSWORD
+    - chmod +x /usr/local/bin/cosign
-    depends_on:
+
-      - export-env
+    - echo "=== 🔏 Signing Image ==="
    - cosign version
    - cosign sign --yes --key env://COSIGN_KEY "$IMAGE_DIGEST"
    - echo "✅ Image signed successfully."
  depends_on:
    - export-env
  # --------------------------------------------------
  # 3️⃣ Create Gitea Release
--- a/2
+++ b/2
@@ -26,7 +26,7 @@ RUN apk add --no-cache \
 # --- Cosign installieren ---
 RUN wget -qO /usr/local/bin/cosign \
-      https://github.com/sigstore/cosign/releases/download/v2.4.0/cosign-linux-amd64 && \
+      https://github.com/sigstore/cosign/releases/download/v3.0.2/cosign-linux-amd64 && \
    chmod +x /usr/local/bin/cosign
 # --- Entrypoint-Skript ---