
Update sync config.yaml images 2024-04-29-10-12 #218


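# Presubmit gate: for every entry in config.yaml's `sync` list that declares a
# `sourceSignature`, run `cosign verify` on the entry's `source` image using
# the issuer and subject regular expressions declared on that same entry.
#
# The expected identities are read from the config.yaml in the checked-out
# tree, so this job confirms that an image is signed by the identity the
# change declares. It does not judge whether that identity is the right one;
# changes to `issuerRegExp` / `subjectRegExp` still need human review.
name: presubmit signed images are signed
on:
  pull_request: {}
  workflow_dispatch: {}
# The job only checks out the repository and reads config.yaml, so the
# GITHUB_TOKEN is limited to read-only contents access.
permissions:
  contents: read
jobs:
  presubmit-signed-images-are-signed:
    runs-on: ubuntu-latest
    steps:
      # Every action is pinned to a full commit SHA; the trailing comment
      # records the ref that SHA was taken from.
      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
      # NOTE(review): this pin is labelled `main` rather than a release tag,
      # and no later step in this file calls crane. Confirm it is still needed.
      - uses: GeoNet/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # main
      - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
      - name: check signed images are signed as expected
        run: |
          # With no `shell:` key the step runs under `bash -e` without
          # pipefail, so the pipeline's status would be that of xargs alone
          # and a yq failure would not fail the check. Make it fail closed.
          set -euo pipefail
          # yq prints one line per signed entry: "<source> <issuer> <subject>".
          # xargs hands each line to `bash -c`, where $0 is the image
          # reference, $1 the issuer regexp and $2 the subject regexp.
          # The fields are split on whitespace, so a value containing a space
          # would shift this mapping.
          # NOTE(review): xargs applies its own quote and backslash handling
          # to each line. Confirm that regexps with backslashes (for example
          # escaped dots) reach cosign unchanged; otherwise the identity match
          # is looser than what config.yaml states.
          # NOTE(review): if no entry declares `sourceSignature`, nothing is
          # verified. Confirm that an empty selection is acceptable here.
          yq -r e '.sync[] | select(.sourceSignature != null) | .source + " " + .sourceSignature.issuerRegExp + " " + .sourceSignature.subjectRegExp' -o json < ./config.yaml \
            | xargs -L 1 bash -c 'cosign verify -o text --certificate-identity-regexp "$2" --certificate-oidc-issuer-regexp "$1" "$0"'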