updating signing key variable
tamalerhino authored Nov 2, 2024
1 parent 9ef7bb5 commit 81079ac
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/ci.yml
@@ -32,7 +32,7 @@ jobs:

- name: Run CodeQL and Record Provenance
run: |
in-toto-run --step "codeql-sast" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- github/codeql-action/autobuild@v3
in-toto-run --step "codeql-sast" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
@@ -64,7 +64,7 @@ jobs:

- name: Build and Publish Container Image and Record Provenance
run: |
in-toto-run --step "build-push" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- docker/build-push-action@v3
in-toto-run --step "build-push" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- docker/build-push-action@v3
trivy:
name: Run Trivy Scan
@@ -88,7 +88,7 @@ jobs:

- name: Record Trivy Scan Provenance
run: |
in-toto-run --step "trivy-scan" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- trivy
in-toto-run --step "trivy-scan" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- trivy
sign:
name: Sign Container Image with Cosign
@@ -111,7 +111,7 @@ jobs:
- name: Sign Container Image and Record Provenance
run: |
in-toto-run --step "cosign-sign" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- cosign sign --key-env COSIGN_KEY ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
in-toto-run --step "cosign-sign" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- cosign sign --key-env COSIGN_KEY ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
validate-container:
name: Validate Container Image
@@ -134,7 +134,7 @@ jobs:

- name: Verify Signature and Record Provenance
run: |
in-toto-run --step "validate-signature" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- cosign verify --key cosign.key ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
in-toto-run --step "validate-signature" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- cosign verify --key cosign.key ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
- uses: anchore/sbom-action@v0
with:
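Review bot: On the new `--signing-key` lines, `${{ secrets.IN_TOTO_KEY }}` is expanded into the script text before the shell runs, while in-toto-run's `--signing-key` expects a path to a PEM private-key file; if the secret holds the key material itself, the key ends up as a word-split command-line argument (readable in the process list) instead of a file. The same pattern appears in all five steps (codeql-sast, build-push, trivy-scan, cosign-sign, validate-signature). I would pass the secret through `env:`, write it to an owner-only file under `$RUNNER_TEMP`, give that path to `--signing-key`, and remove the file afterwards, as sketched below for the Trivy step. Separately, the validate step runs `cosign verify --key cosign.key`; verification needs only the public key, so confirm that file is not the private half of the pair. The job definitions around each step lie outside the visible hunks.

```yaml
- name: Record Trivy Scan Provenance
  env:
    # Secret reaches the shell as an environment variable, not as script text.
    IN_TOTO_KEY: ${{ secrets.IN_TOTO_KEY }}
  run: |
    umask 077
    key_file="$RUNNER_TEMP/in-toto-signing.pem"
    printf '%s\n' "$IN_TOTO_KEY" > "$key_file"
    # Remove the key file even if in-toto-run fails.
    trap 'rm -f "$key_file"' EXIT
    in-toto-run --step "trivy-scan" --materials . --products . --signing-key "$key_file" -- trivy
# … unchanged: the other four in-toto-run steps, which would take the same treatment …
```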
