Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Cosign signing and verification to OCI docs #1167

Merged
merged 1 commit into from
Sep 29, 2022
Merged

Add Cosign signing and verification to OCI docs #1167

merged 1 commit into from
Sep 29, 2022

Conversation

stefanprodan
Copy link
Member

Add Cosign signing and Flux verification to the OCI artifacts guide.

Part of: fluxcd/flux2#3155

⚠️ To be merged after Flux v0.35 release!

@stefanprodan stefanprodan added the area/docs Documentation related issues and pull requests label Sep 29, 2022
@stefanprodan stefanprodan mentioned this pull request Sep 29, 2022
Closed
11 tasks
@stefanprodan stefanprodan force-pushed the cosign-verify branch 3 times, most recently from 83d7138 to 225345c Compare September 29, 2022 08:24
hiddeco
hiddeco reviewed Sep 29, 2022
View reviewed changes
content/en/flux/cheatsheets/oci-artifacts.md
Push and sign the artifact using the Cosign private key:

```shell
flux push artifact oci://ghcr.io/stefanprodan/manifests/podinfo:$(git tag --points-at HEAD) \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe replace ghcr.io/... here with <image reference>? I see it is also used in the examples above, but would think it is easier for people to follow when they have guidance on what needs to be replaced. Instead of accidentally copying the command in full, then discovering they can not push to this image repository, to then figure out what needs replacing.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The guide starts by telling people to clone podinfo, so maybe only the GH username could be a placeholder? I'm for doing this in a separate PR as it touches the whole guide.

@stefanprodan stefanprodan marked this pull request as ready for review September 29, 2022 18:08
darkowlzz
darkowlzz approved these changes Sep 29, 2022
View reviewed changes
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@stefanprodan stefanprodan merged commit 4f84ff5 into main Sep 29, 2022
@stefanprodan stefanprodan deleted the cosign-verify branch September 29, 2022 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hiddeco hiddeco hiddeco left review comments

@darkowlzz darkowlzz darkowlzz approved these changes

Assignees
No one assigned
Labels
area/docs Documentation related issues and pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stefanprodan @darkowlzz @hiddeco