docs: updated README.md #68

Merged
merged 3 commits into from
Jul 12, 2024
Changes from 2 commits
25 changes: 16 additions & 9 deletions README.md
Expand Up @@ -5,8 +5,8 @@ This repository contains the implementation of [GitHub Actions](https://docs.git
The following three actions are available:

- `setup`: Install Notation
- `sign`: Sign an OCI artifact with a specified Notation plugin
- `verify`: Verify a signature with Notation trust store and trust policy
- `sign`: Sign OCI artifacts with a specified Notation plugin
- `verify`: Verify signatures with Notation trust store and trust policy

> [!NOTE]
> The Notary Project documentation is available [here](https://notaryproject.dev/docs/). You can also find the Notary Project [README](https://github.com/notaryproject/.github/blob/main/README.md) to learn about the overall Notary Project.
Expand Down Expand Up @@ -51,7 +51,7 @@ Currently, [Azure Key Vault plugin for Notation](https://github.com/Azure/notati
plugin_url: <plugin_download_url>
plugin_checksum: <SHA256_of_the_signing_plugin>
key_id: <key_identifier_to_sign>
target_artifact_reference: <target_artifact_reference_in_remote_registry>
target_artifact_reference: <list_of_target_artifact_references_in_remote_registry>
signature_format: <signature_envelope_format>
plugin_config: <list_of_plugin_defined_configs>
allow_referrers_api: <boolean_flag_for_referrers_api>
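Review bot: the new placeholder `<list_of_target_artifact_references_in_remote_registry>` does not say how the list is delimited. The examples use a `|-` block with one reference per line, so the template should say that, for example "one reference per line", so nobody tries a comma-separated or YAML-sequence value here.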
Expand All @@ -69,7 +69,9 @@ Currently, [Azure Key Vault plugin for Notation](https://github.com/Azure/notati
plugin_url: https://github.com/Azure/notation-azure-kv/releases/download/v1.0.1/notation-azure-kv_1.0.1_linux_amd64.tar.gz
plugin_checksum: f8a75d9234db90069d9eb5660e5374820edf36d710bd063f4ef81e7063d3810b
key_id: https://testnotationakv.vault.azure.net/keys/notationLeafCert/c585b8ad8fc542b28e41e555d9b3a1fd
target_artifact_reference: myRegistry.azurecr.io/myRepo@sha256:aaabbb
target_artifact_reference: |-
myRegistry.azurecr.io/myRepo@sha256:aaabbb
myOtherRegistry.azurecr.io/myOtherRepo@sha256:cccddd
signature_format: cose
plugin_config: |-
ca_certs=.github/cert-bundle/cert-bundle.crt
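Review bot: the `target_artifact_reference` example now spans two registry hosts (`myRegistry.azurecr.io` and `myOtherRegistry.azurecr.io`), but nothing near it says the workflow has to be authenticated to both before the sign step. Please add a sentence above the example or point to the private-registry section. It would also help to state that the same `key_id` and `plugin_config` are applied to every listed reference.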
Expand All @@ -89,7 +91,9 @@ Example of using the [Referrers API](https://github.com/opencontainers/distribut
plugin_url: https://github.com/Azure/notation-azure-kv/releases/download/v1.0.1/notation-azure-kv_1.0.1_linux_amd64.tar.gz
plugin_checksum: f8a75d9234db90069d9eb5660e5374820edf36d710bd063f4ef81e7063d3810b
key_id: https://testnotationakv.vault.azure.net/keys/notationLeafCert/c585b8ad8fc542b28e41e555d9b3a1fd
target_artifact_reference: myRegistry.azurecr.io/myRepo@sha256:aaabbb
target_artifact_reference: |-
myRegistry.azurecr.io/myRepo@sha256:aaabbb
myOtherRegistry.azurecr.io/myOtherRepo@sha256:cccddd
signature_format: cose
plugin_config: |-
ca_certs=.github/cert-bundle/cert-bundle.crt
Expand All @@ -104,7 +108,7 @@ Example of using the [Referrers API](https://github.com/opencontainers/distribut
- name: verify released artifact
uses: notaryproject/notation-action/verify@v1
with:
target_artifact_reference: <target_artifact_reference_in_remote_registry>
target_artifact_reference: <list_of_target_artifact_references_in_remote_registry>
trust_policy: <file_path_to_user_defined_trustpolicy.json>
trust_store: <dir_to_user_trust_store>
allow_referrers_api: <boolean_flag_for_referrers_api>
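Review bot: for `verify`, the list form of `target_artifact_reference` leaves the failure behaviour undocumented. Please state whether the step fails as soon as one reference does not verify or only after all have been checked, and that any single failure fails the step, so readers gating a deployment on this action know it fails closed.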
Expand All @@ -118,7 +122,9 @@ Example of using the [Referrers API](https://github.com/opencontainers/distribut
- name: verify released artifact
uses: notaryproject/notation-action/verify@v1
with:
target_artifact_reference: myRegistry.azurecr.io/myRepo@sha256:aaabbb
target_artifact_reference: |-
myRegistry.azurecr.io/myRepo@sha256:aaabbb
myOtherRegistry.azurecr.io/myOtherRepo@sha256:cccddd
trust_policy: .github/trustpolicy/trustpolicy.json
trust_store: .github/truststore
```
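Review bot: the verify example lists repositories in two registries but still points at a single `trust_policy: .github/trustpolicy/trustpolicy.json`. Please note that the policy's `registryScopes` must cover every listed repository. Otherwise a reader who copies this with a policy scoped to `myRegistry.azurecr.io/myRepo` will see the second reference fail with no hint why.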
Expand Down Expand Up @@ -149,7 +155,9 @@ Example of using the [Referrers API](https://github.com/opencontainers/distribut
NOTATION_EXPERIMENTAL: 1 # this is required by Notation to use Referrers API
with:
allow_referrers_api: 'true'
target_artifact_reference: myRegistry.azurecr.io/myRepo@sha256:aaabbb
target_artifact_reference: |-
myRegistry.azurecr.io/myRepo@sha256:aaabbb
myOtherRegistry.azurecr.io/myOtherRepo@sha256:cccddd
trust_policy: .github/trustpolicy/trustpolicy.json
trust_store: .github/truststore
```
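Review bot: `allow_referrers_api: 'true'` is one flag while `target_artifact_reference` now names two registries. Please document that the flag applies to every listed reference and what happens when one of the registries does not support the Referrers API.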
Expand All @@ -168,4 +176,3 @@ To sign and verify an image stored in the private registry with Notation GitHub
### KMS authentication

If your signing key and certificate are stored in a KMS, make sure to authenticate with the KMS before signing the image in your GitHub Actions workflow.
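Review bot: the unchanged context here still reads "sign and verify an image" and "before signing the image", while the rest of the PR moves the README to multiple artifacts. Consider updating these to "images" or "artifacts" in the same change for consistency.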
