Skip to content

Commit 169debf

Browse files
WuodanWuodan
committed
Revert "Sign published image manifests with cosign"
This reverts commit b5fc7b2.
1 parent 67205de commit 169debf

1 file changed

Lines changed: 4 additions & 14 deletions

File tree

.github/workflows/build.yaml

Lines changed: 4 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -21,10 +21,6 @@ on:
2121
env:
2222
IMAGE_NAME: ${{ inputs.image_name || vars.IMAGE_NAME || 'nikolaik/python-nodejs' }}
2323

24-
permissions:
25-
contents: write
26-
id-token: write
27-
2824
jobs:
2925
generate-matrix:
3026
name: Generate build matrix
@@ -116,21 +112,15 @@ jobs:
116112
password: ${{ secrets.DOCKERHUB_TOKEN }}
117113

118114
- name: Push multi-arch manifest
119-
id: push-manifest
120-
run: |
121-
digest="$(docker manifest push "${IMAGE_NAME}:${{ matrix.key }}" | tail -n1)"
122-
echo "digest=${digest}" >> "$GITHUB_OUTPUT"
123-
124-
- name: Install Cosign
125-
uses: sigstore/cosign-installer@v4.0.0
115+
run: docker manifest push "${IMAGE_NAME}:${{ matrix.key }}"
126116

127-
- name: Sign multi-arch manifest
128-
run: cosign sign --yes "${IMAGE_NAME}@${{ steps.push-manifest.outputs.digest }}"
117+
- name: Set up Docker Buildx
118+
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
129119

130120
- name: Add digest to build context
131121
run: |
132122
mkdir builds/
133-
digest="${{ steps.push-manifest.outputs.digest }}"
123+
digest="$(docker buildx imagetools inspect "${IMAGE_NAME}:${{ matrix.key }}" | awk '/^Digest:/ {print $2}')"
134124
echo '${{ toJSON(matrix) }}' | jq --arg digest "$digest" '. +={"digest": $digest}' >> "builds/${{ matrix.key }}.json"
135125
136126
- name: Upload build context

0 commit comments

Comments
 (0)