diff --git a/.github/workflows/copybara-docker.yml b/.github/workflows/copybara-docker.yml index 021627d..728e7fc 100644 --- a/.github/workflows/copybara-docker.yml +++ b/.github/workflows/copybara-docker.yml @@ -66,11 +66,15 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + - name: Get Docker image digest + id: digest + run: | + echo "DOCKER_IMAGE_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' shreyasbhat0/copybara:$(echo ${{ steps.meta.outputs.tags }} | cut -d',' -f1))" >> $GITHUB_ENV + - name: Install Cosign uses: sigstore/cosign-installer@main - name: Sign the image with GitHub OIDC **EXPERIMENTAL** - run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${TAGS} + run: cosign sign --oidc-issuer https://token.actions.githubusercontent.com ${{ env.DOCKER_IMAGE_DIGEST }} env: - COSIGN_EXPERIMENTAL: 1 - TAGS: ${{ steps.meta.outputs.tags }} \ No newline at end of file + COSIGN_EXPERIMENTAL: 1 \ No newline at end of file