File tree 1 file changed +10
-2
lines changed
1 file changed +10
-2
lines changed Original file line number Diff line number Diff line change @@ -85,10 +85,18 @@ jobs:
8585
8686 # This will only write to the public Rekor transparency log when the Docker
8787 # repository is public to avoid leaking data. https://github.com/sigstore/cosign
88- - name : Sign the published Docker image
88+ - name : Sign the published Dockerhub image
8989 if : ${{ github.event_name != 'pull_request' }}
9090 env :
9191 COSIGN_EXPERIMENTAL : " true"
9292 # This step uses the identity token to provision an ephemeral certificate
9393 # against the sigstore community Fulcio instance.
94- run : cosign sign ${{ steps.docker_meta.outputs.tags }}@${{ steps.docker_build.outputs.digest }}
94+ run : cosign sign -a "repo=${{ github.repository }}" -r ${{ secrets.DOCKER_HUB_USERNAME }}/k8s-pvc-tagger@${{ steps.docker_build.outputs.digest }}
95+
96+ - name : Sign the published GitHub image
97+ if : ${{ github.event_name != 'pull_request' }}
98+ env :
99+ COSIGN_EXPERIMENTAL : " true"
100+ # This step uses the identity token to provision an ephemeral certificate
101+ # against the sigstore community Fulcio instance.
102+ run : cosign sign -a "repo=${{ github.repository }}" -r ghcr.io/${{ github.repository_owner }}/k8s-pvc-tagger@${{ steps.docker_build.outputs.digest }}
You can’t perform that action at this time.
0 commit comments