-
Notifications
You must be signed in to change notification settings - Fork 2
39 lines (34 loc) · 1.36 KB
/
environment.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: Create Docker Image
on:
push:
tags:
- v*
workflow_dispatch:
jobs:
docker-build:
runs-on: ubuntu-22.04
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Build Docker Images
uses: philips-software/docker-ci-scripts@v4.4.0
with:
dockerfile: ./Action/Dockerfile
image-name: post-to-medium-action
tags: latest ${{ github.ref_name }}
push-on-git-tag: "true"
sbom: true
sign: true
slsa-provenance: true
env:
DOCKER_USERNAME: ${{ github.actor }}
DOCKER_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
DOCKER_REGISTRY: ghcr.io/philips-software
GITHUB_ORGANIZATION: philips-software
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC }}
- name: Verify Image & SLSA Provenance
run: |
cosign verify --key cosign.pub ghcr.io/philips-software/post-to-medium-action:${{ github.ref_name }}
cosign verify-attestation --key cosign.pub ghcr.io/philips-software/post-to-medium-action:${{ github.ref_name }} | jq '.payload |= @base64d | .payload | fromjson | select(.predicateType=="https://slsa.dev/provenance/v0.2" ) | .'