Closed cpanato closed 1 year ago
/cc @dlorenc @developer-guy
we need to setup a github team and the codeowners for this repo as well
to sign the images/blobs
We should definitely move forward with a keyless approach, I can take care of that one, really exciting to do that. 🙋🏻♂️🚀
and to where we will push the images?
ghcr.io
would be great but PTAL @dlorenc
What are the plans for the release job for this project?
IMHO, we should continue with GitHub Actions. 👌
Hi there! 👋
Any progress on this?
In addition to the items listed on this issue, what about enabling Renovate/Dependabot too?
The current official image used in the deployment.yaml
file devopps/cosign-gatekeeper-provider:latest
is 1 year old: https://hub.docker.com/r/devopps/cosign-gatekeeper-provider/tags. Any plan to re-build/push a more up-to-date and secure version of this container image? Thanks!
I will take care those things
JFYI, RE: dependabot
, it will be tackled in there https://github.com/sigstore/cosign-gatekeeper-provider/pull/21.
Question What are the plans for the release job for this project? will we use:
and to where we will push the images?
ghcr.io
to sign the images/blobs
when we agree on those I will setup the project to match what we agree