drone yaml add cosign login
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
14
.drone.yml
14
.drone.yml
@@ -63,17 +63,25 @@ steps:
|
||||
from_secret: COSIGN_KEY
|
||||
COSIGN_PASSWORD:
|
||||
from_secret: COSIGN_PASSWORD
|
||||
IMAGE_DIGEST:
|
||||
from_secret: IMAGE_DIGEST # Optional – oder aus export-env
|
||||
REGISTRY_URL:
|
||||
from_secret: REGISTRY_URL
|
||||
DOCKER_USER:
|
||||
from_secret: DOCKER_USER
|
||||
DOCKER_PASS:
|
||||
from_secret: DOCKER_PASS
|
||||
commands:
|
||||
- echo "=== 🔏 Installing Cosign v3.0.2 ==="
|
||||
- . build.env
|
||||
- apk add --no-cache curl ca-certificates
|
||||
- curl -sSL -o /usr/local/bin/cosign https://github.com/sigstore/cosign/releases/download/v3.0.2/cosign-linux-amd64
|
||||
- chmod +x /usr/local/bin/cosign
|
||||
- cosign version
|
||||
|
||||
- echo "=== 🔐 Logging in to registry for signing ==="
|
||||
- cosign version
|
||||
- echo "$DOCKER_PASS" | cosign login --username "$DOCKER_USER" --password-stdin "$REGISTRY_URL"
|
||||
|
||||
- echo "=== 🔏 Signing Image ==="
|
||||
- cosign version
|
||||
- cosign sign --yes --key env://COSIGN_KEY "$IMAGE_DIGEST"
|
||||
- echo "✅ Image signed successfully."
|
||||
depends_on:
|
||||
|
||||
Reference in New Issue
Block a user