From 4fb5f25e623749c6a3a08cb8e1c2457a55ef7e48 Mon Sep 17 00:00:00 2001
From: m2 <69128853+m2Giles@users.noreply.github.com>
Date: Tue, 5 Nov 2024 19:09:43 -0500
Subject: [PATCH] chore(ci): cosign signing for legacy hwe support (#1893)
---
 .github/workflows/reusable-build.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml
index 368de073922..281571f4dfc 100644
--- a/.github/workflows/reusable-build.yml
+++ b/.github/workflows/reusable-build.yml
@@ -407,6 +407,20 @@ jobs:
 COSIGN_EXPERIMENTAL: false
 COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+ - name: Sign container image
+ if: github.event_name != 'pull_request' && contains(inputs.image_flavors, 'hwe')
+ shell: bash
+ run: |
+ image_name="${{ env.IMAGE_NAME }}"
+ asus_name="${image_name/hwe/asus}"
+ surface_name="${image_name/hwe/surface}"
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${asus_name}@${TAGS}
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${surface_name}@${TAGS}
+ env:
+ TAGS: ${{ steps.push.outputs.outputs && fromJSON(steps.push.outputs.outputs).digest }}
+ COSIGN_EXPERIMENTAL: false
+ COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+
 - name: Generate file containing outputs
 if: github.event_name != 'pull_request'
 env:
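Review bot: In the added `run:` block, `${{ steps.registry_case.outputs.lowercase }}` and `${{ env.IMAGE_NAME }}` are pasted into the script text before bash parses it, in a step that also holds `COSIGN_PRIVATE_KEY`. Passing the registry through the step's `env:` (for example `REGISTRY: ${{ steps.registry_case.outputs.lowercase }}`, a name constructed here) and signing `"${REGISTRY}/${asus_name}@${TAGS}"` with quotes keeps both values as data rather than script. The `if:` tests `inputs.image_flavors`, but the substitution works on `IMAGE_NAME`, and nothing in the hunk ties the two together. If the name contains no `hwe`, both `${image_name/hwe/...}` expansions are no-ops and the step signs the unchanged reference twice; a guard such as `[[ "$image_name" == *hwe* ]] || exit 0` would make the intent explicit. `TAGS` holds a digest and is empty when `steps.push.outputs.outputs` is unset, so `: "${TAGS:?push digest missing}"` before the first `cosign sign` would fail with a clearer message than a malformed `name@` reference.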