Add support for signing with Sigstore

travier commented 10 months ago

Description

Related Issue(s)

Fixes: https://github.com/redhat-actions/push-to-registry/issues/89

Checklist

[X] This PR includes a documentation change
[ ] This PR does not need a documentation change
[ ] This PR includes test changes
[ ] This PR's changes are already tested
[ ] This change is not user-facing
[ ] This change is a patch change
[ ] This change is a minor change
[ ] This change is a major (breaking) change

Changes made

README: Fix Markdown lints and typos

Add support for signing with Sigstore

Fixes: https://github.com/redhat-actions/push-to-registry/issues/89

Update node dependencies: npm audit fix --force

Update bundle: rpm run bundle

travier commented 10 months ago

I'm currently testing this change in this repo: https://github.com/travier/cosign-test

This needs a newer podman version than the one currently available in Ubuntu 22.04 (ubuntu-latest), thus I'm installing it from https://podman.io/docs/installation#ubuntu

travier commented 10 months ago

Error: initializing private key: decrypt: encrypted: unexpected kdf parameters

🤔

Filed as https://github.com/containers/podman/issues/20771.

travier commented 10 months ago

I now have a working setup with https://github.com/travier/podman-action & https://github.com/travier/cosign-test which works with this PR.

Example multi-arch, podman signed build in https://github.com/travier/cosign-test/blob/main/.github/workflows/nginx.yml.

travier commented 2 months ago

This should work once the Ubuntu 24.04 runner images become the default.

redhat-actions / push-to-registry