Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set image digest in output #286

Open
mmalyska opened this issue Mar 27, 2024 · 1 comment
Open

Set image digest in output #286

mmalyska opened this issue Mar 27, 2024 · 1 comment
Assignees
@chrmarti
Labels
under-discussion

Comments

@mmalyska
Copy link

I need to have pushed image digest so it can be signed with cosign.
Example action step:

      - name: Sign the published Docker image
        if: ${{ github.event_name != 'pull_request' }}
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
        # This step uses the identity token to provision an ephemeral certificate
        # against the sigstore community Fulcio instance.
        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
@chrmarti
Copy link
Collaborator

chrmarti commented Apr 2, 2024

I don't see a way of getting this from docker buildx build, so the action or the CLI would have to extract the digest.

I suggest you do this in your build script by adding a unique tag with the imageTag input (which accepts a comma separated list in case you already use it) of the devcontainer action and using that tag to look up the digest from docker inspect.

@chrmarti chrmarti self-assigned this Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chrmarti chrmarti

Labels
under-discussion
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mmalyska @chrmarti