diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 406ebeb..0909116 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,12 +8,6 @@ jobs:
 test:
 name: 🤞 Test
 runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- # This is used to complete the identity challenge
- # with sigstore/fulcio when running outside of PRs.
- id-token: write
 steps:
 - name: 🛑 Cancel Previous Runs
 uses: styfle/cancel-workflow-action@0.9.1
@@ -57,25 +51,3 @@ jobs:
 run: make build
 env:
 VERSION: "ci-build"
-
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
- with:
- registry: ghcr.io
- username: ${{ github.repository_owner }}
- password: ${{ secrets.PAT }}
-
- - name: Install cosign
- uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
- with:
- cosign-release: 'v2.1.1'
-
- - name: Sign the OCI artifact
- env:
- COSIGNKEY: ${{ secrets.COSIGNKEY }}
- run: |
- echo "$COSIGNKEY" > /home/runner/work/capacitor/capacitor/cosign.key
- # keyless mode
- cosign sign ghcr.io/gimlet-io/capacitor-manifests:v-cosign-test2 -y
- # private pub key
- cosign sign --key /home/runner/work/capacitor/capacitor/cosign.key ghcr.io/gimlet-io/capacitor-manifests:v-cosign-test2 -y
\ No newline at end of file
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index b6c9531..dc14cd3 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -65,6 +65,7 @@ jobs:
 username: ${{ github.repository_owner }}
 password: ${{ secrets.PAT }} # `PAT` is a secret that contains your Personal Access Token with `write:packages` scope
 - name: Build and push Gimlet image
+ id: build-and-push
 uses: docker/build-push-action@v4.2.1
 with:
 context: .
@@ -94,4 +95,4 @@ jobs:
 COSIGNKEY: ${{ secrets.COSIGNKEY }}
 run: |
 # keyless mode
- cosign sign ghcr.io/gimlet-io/capacitor-manifests:${{ steps.version.outputs.version }} -y
+ cosign sign ghcr.io/gimlet-io/capacitor-manifests:${{ steps.build-and-push.outputs.digest }} -y
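Review bot: The new `cosign sign` line joins the repository and the digest with `:`, but the `digest` output of docker/build-push-action has the form `sha256:<hex>`, so the reference expands to `capacitor-manifests:sha256:<hex>`, which is not a valid reference. A digest is attached with `@`: `cosign sign ghcr.io/gimlet-io/capacitor-manifests@${{ steps.build-and-push.outputs.digest }} -y`. The step that now carries `id: build-and-push` (the `@@ -65,6 +65,7 @@` hunk) is named "Build and push Gimlet image", so its digest may not be the digest of the `capacitor-manifests` artifact; if the manifests are pushed by a different step, the signature should cover the digest that step reports. Passing the value through the step's `env:` and referencing it as a shell variable, rather than interpolating `${{ }}` inside `run:`, would also keep expression output out of the script text. The rest of the signing step lies outside the hunk.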