Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: sign manifest with cosign #245

Merged
merged 7 commits into from
Feb 3, 2025
Merged

fix: sign manifest with cosign #245

merged 7 commits into from
Feb 3, 2025

Conversation

p5
Copy link
Member

@p5 p5 commented Feb 2, 2025
edited
Loading

--enforce-container-sigpolicy is failing due to a missing signature.

This PR signs the manifests as well as the image, which should allow us to enforce signatures during rebases and updates.

Due to running the manifest step in a container, and Cosign not working well in said container, I've moved the sign step to a separate job which is completed after pushing the manifest.

@p5 p5 marked this pull request as ready for review February 2, 2025 19:34
@p5 p5 requested a review from tulilirockz as a code owner February 2, 2025 19:34
@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Feb 2, 2025
@tulilirockz tulilirockz enabled auto-merge February 2, 2025 19:42
tulilirockz
tulilirockz previously approved these changes Feb 2, 2025
View reviewed changes
@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Feb 2, 2025
@tulilirockz tulilirockz added this pull request to the merge queue Feb 2, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 2, 2025
@tulilirockz tulilirockz added this pull request to the merge queue Feb 2, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 2, 2025
tulilirockz
tulilirockz previously approved these changes Feb 2, 2025
View reviewed changes
Copy link
Collaborator

@tulilirockz tulilirockz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh interesting. I was trying to get this going with another job locally but you pushed this before I could push mine. This might actually just be better tho LOL

@tulilirockz tulilirockz enabled auto-merge February 2, 2025 21:27
@tulilirockz tulilirockz added this pull request to the merge queue Feb 2, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 2, 2025
@tulilirockz tulilirockz force-pushed the sign-image-manifest-with-cosign branch from 952d0fa to 81d6c3f Compare February 2, 2025 22:29
tulilirockz
tulilirockz previously approved these changes Feb 2, 2025
View reviewed changes
@tulilirockz tulilirockz enabled auto-merge February 2, 2025 22:31
@tulilirockz tulilirockz added this pull request to the merge queue Feb 2, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 2, 2025
@p5 p5 requested a review from castrojo February 3, 2025 00:43
@p5 p5 enabled auto-merge February 3, 2025 00:55
@p5 p5 added this pull request to the merge queue Feb 3, 2025
@p5 p5 removed this pull request from the merge queue due to a manual request Feb 3, 2025
@dosubot dosubot bot added size:M This PR changes 30-99 lines, ignoring generated files. and removed size:S This PR changes 10-29 lines, ignoring generated files. labels Feb 3, 2025
@castrojo castrojo enabled auto-merge February 3, 2025 01:27
@castrojo castrojo added this pull request to the merge queue Feb 3, 2025
Merged via the queue into main with commit 33b2562 Feb 3, 2025
21 checks passed
@castrojo castrojo deleted the sign-image-manifest-with-cosign branch February 3, 2025 01:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@castrojo castrojo castrojo approved these changes

@tulilirockz tulilirockz tulilirockz left review comments

Assignees
No one assigned
Labels
lgtm This PR has been approved by a maintainer size:M This PR changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@p5 @castrojo @tulilirockz