From 36f4546690c38df82469093727e6d124b72f0581 Mon Sep 17 00:00:00 2001 From: hiroki matsumoto Date: Tue, 20 Feb 2024 20:37:39 +0900 Subject: [PATCH] ci: add yes option with cosign --- .github/workflows/releease.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/releease.yml b/.github/workflows/releease.yml index 640188f..dcddd79 100644 --- a/.github/workflows/releease.yml +++ b/.github/workflows/releease.yml @@ -61,16 +61,16 @@ jobs: - name: Attach SBOM file in image run: | - cosign attest --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }} - cosign attest --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }} + cosign attest --yes --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }} + cosign attest --yes --key cosign.key --type spdx --predicate sbom.spdx.json ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }} shell: bash - name: Published a signed image env: COSIGN_EXPERIMENTAL: "1" run: | - cosign sign --key cosign.key ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }} - cosign sign --key cosign.key ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }} + cosign sign --yes --key cosign.key ghcr.io/${{ github.repository }}:${{ env.TAG_VERSION }}@${{ steps.build-and-push.outputs.digest }} + cosign sign --yes --key cosign.key ghcr.io/${{ github.repository }}:latest@${{ steps.build-and-push.outputs.digest }} release: name: release needs: build