From 9822b2c416e53ead3a110dbe7818be801d058162 Mon Sep 17 00:00:00 2001 From: Kavindu Dodanduwa Date: Tue, 7 Mar 2023 14:49:46 -0800 Subject: [PATCH 1/2] add registry login Signed-off-by: Kavindu Dodanduwa --- .github/workflows/release-please.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index 2a677aa66..d437f2bc4 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -86,6 +86,13 @@ jobs: runs-on: ubuntu-latest if: ${{ needs.release-please.outputs.release_created }} steps: + - name: Log in to the Container registry + uses: docker/login-action@ec9cdf07d570632daeb912f5b2099cb9ec1d01e6 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install Cosign uses: sigstore/cosign-installer@bd2d1189b064bcddc3903176a807dcdba72d7fd0 From 3b391ed6362740d14d115648d6da48c54457e83d Mon Sep 17 00:00:00 2001 From: Michael Beemer Date: Wed, 8 Mar 2023 14:59:54 -0500 Subject: [PATCH 2/2] corrected the cosign digest value Signed-off-by: Michael Beemer --- .github/workflows/release-please.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index d437f2bc4..c29a9fe03 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -98,7 +98,7 @@ jobs: - name: Sign the image run: | - cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.container-release.outputs.image_digest }} + cosign sign --yes --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ needs.container-release.outputs.digest }} cosign public-key --key env://COSIGN_PRIVATE_KEY --outfile ${{ env.PUBLIC_KEY_FILE }} env: COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}