cpanato
commented
2 years ago /cc @dlorenc @developer-guy
we need to setup a github team and the codeowners for this repo as well
Closed cpanato closed 1 year ago
cpanato
commented
2 years ago /cc @dlorenc @developer-guy
we need to setup a github team and the codeowners for this repo as well
developer-guy
commented
2 years ago to sign the images/blobs
We should definitely move forward with a keyless approach, I can take care of that one, really exciting to do that. 🙋🏻♂️🚀
and to where we will push the images?
ghcr.io would be great but PTAL @dlorenc
What are the plans for the release job for this project?
IMHO, we should continue with GitHub Actions. 👌
mathieu-benoit
commented
1 year ago Hi there! 👋
Any progress on this?
In addition to the items listed on this issue, what about enabling Renovate/Dependabot too?
The current official image used in the deployment.yaml file devopps/cosign-gatekeeper-provider:latest is 1 year old: https://hub.docker.com/r/devopps/cosign-gatekeeper-provider/tags. Any plan to re-build/push a more up-to-date and secure version of this container image? Thanks!
cpanato
commented
1 year ago I will take care those things
mathieu-benoit
commented
1 year ago JFYI, RE: dependabot, it will be tackled in there https://github.com/sigstore/cosign-gatekeeper-provider/pull/21.
Question What are the plans for the release job for this project? will we use:
and to where we will push the images?
ghcr.ioto sign the images/blobs
when we agree on those I will setup the project to match what we agree