
Get digest from manifest file hash #16


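---
# Builds an OCI artifact on every version tag, pushes it to ghcr.io and signs
# it with cosign. No signing key is configured, so cosign uses the keyless
# flow and authenticates with the workflow's OIDC token.
name: Build and sign image

on:
  push:
    tags:
      - 'v*'

# Least privilege for the GITHUB_TOKEN:
#   contents: read  - check out the repository
#   packages: write - push the artifact and its signature to ghcr.io
#   id-token: write - request the OIDC token used for keyless signing
permissions:
  contents: read
  packages: write
  id-token: write

jobs:
  build_and_sign_image:
    name: Build and sign image
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): a tag such as v4 is mutable; pinning third-party actions
      # to a full commit SHA prevents a retagged release from running in a job
      # that holds packages: write and id-token: write.
      - name: Check out repository code
        uses: actions/checkout@v4
        with:
          # No later step runs git, so do not leave the token in .git/config.
          persist-credentials: false

      # - name: Build image
      #   shell: bash
      #   run: |
      #     cd ${{ github.workspace }}/enclave
      #     docker build -t ghcr.io/${{ github.repository }}:${{ github.sha }} .

      # The refs of the next three third-party actions were lost when this page
      # was extracted; <PINNED_REF> is a placeholder for a reviewed commit SHA.
      - name: Install Cosign
        uses: sigstore/cosign-installer@<PINNED_REF>

      - name: Check install!
        shell: bash
        run: cosign version

      - name: Log into ghcr.io
        uses: docker/login-action@<PINNED_REF>
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # - name: Push image
      #   id: push-image
      #   shell: bash
      #   run: |
      #     docker push ghcr.io/${{ github.repository }}:${{ github.sha }}
      #     DIGEST=$(docker inspect ghcr.io/${{ github.repository }}:${{ github.sha }} | jq -r '.[0].RepoDigests | .[0]' | cut -d "@" -f 2)
      #     echo "digest=${DIGEST}" >> "${GITHUB_OUTPUT}"

      # - name: Sign image
      #   env:
      #     DIGEST: ${{ steps.push-image.outputs.digest }}
      #     TAGS: ghcr.io/${{ github.repository }}:${{ github.sha }}
      #   run: |
      #     images=""
      #     for tag in ${TAGS}; do
      #       images+="${tag}@${DIGEST} "
      #     done
      #     cosign sign --yes ${images}

      - name: setup-oras
        uses: oras-project/setup-oras@<PINNED_REF>
        with:
          version: '1.1.0'

      - name: Sign and upload file
        shell: bash
        env:
          # Pass context values through the environment instead of expanding
          # ${{ }} inside the script, so they are handled as data by the shell.
          # NOTE(review): registry references must be lowercase; confirm the
          # owner/repository name contains no uppercase characters.
          IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
        run: |
          set -euo pipefail
          echo "Hello World" > test
          oras push --export-manifest manifest.json "${IMAGE}" test
          # An OCI digest is "<algorithm>:<hex>"; sha256sum prints only the hex
          # part, so the algorithm prefix has to be added for a valid reference.
          # Assumes manifest.json is byte-identical to the manifest the
          # registry stored; otherwise the signature targets the wrong digest.
          DIGEST="sha256:$(sha256sum manifest.json | cut -d ' ' -f 1)"
          # Sign the immutable digest, not the tag, so the signature cannot be
          # carried over to different content if the tag is moved later.
          cosign sign --yes "${IMAGE}@${DIGEST}"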