Annotation support when uploading blobs #2149
Labels
enhancement
New feature or request
Comments
|
Maybe a different flag to make sure it's clear these are unprotected (not signed)? |
|
Good point, I'll open a PR so we can figure out the flag name. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Annotations for blobs
We are using cosign to upload (and sign) release artifacts as blobs. We currently use something like:
cosign upload blob -f ./release/linux/myapp:linux/amd64 -f ./release/darwin/myapp:darwin/amd64 -f ./release/windows/myapp.exe:windows/amd64 private-registry.tld/foo/myapp/myapp:{{ .releaseVersion }}It would be useful to be able to add (common) annotations to the descriptor(s) for the manifests to store some more information:
cosign upload blob -a date=xxxx -a name="a name" -f ./release/linux/myapp:linux/amd64 -f ./release/darwin/myapp:darwin/amd64 -f ./release/windows/myapp.exe:windows/amd64 private-registry.tld/foo/myapp/myapp:{{ .releaseVersion }}This way we can in our custom code get a bit more metadata on the releases we have stored in the registry.
I'll be happy to prepare a PR if it makes sense!
The text was updated successfully, but these errors were encountered: