diff --git a/.drone.yml b/.drone.yml
index 6765a7b..3eba974 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -26,6 +26,20 @@ get:
 path: odit-git-bot
 name: sshkey
 
+---
+kind: secret
+name: cosign_key
+get:
+ path: cosign
+ name: cosign.key
+
+---
+kind: secret
+name: cosign_password
+get:
+ path: cosign
+ name: cosign.password
+
 ---
 kind: pipeline
 type: kubernetes
@@ -78,7 +92,7 @@ type: kubernetes
 name: build:tags
 
 steps:
- - name: build $DRONE_TAG
+ - name: build:tag
 image: plugins/docker
 user: 0
 depends_on: [clone]
@@ -92,6 +106,23 @@ steps:
 - "${DRONE_TAG}"
 registry: registry.odit.services
 mtu: 1000
+ - name: sign:image:tag
+ depends_on: [build:tag]
+ image: registry.odit.services/hub/library/alpine:edge
+ commands:
+ - apk add cosign docker
+ - echo $COSIGN_KEY > cosign.key
+ - echo $DOCKER_PASSWORD | docker login registry.odit.services -u $DOCKER_USERNAME --password-stdin
+ - cosign sign --key cosign.key registry.odit.services/library/nginx-brotli:${DRONE_TAG}
+ environment:
+ COSIGN_KEY:
+ from_secret: cosign_key
+ COSIGN_PASSWORD:
+ from_secret: cosign_password
+ DOCKER_PASSWORD:
+ from_secret: docker_password
+ DOCKER_USERNAME:
+ from_secret: docker_username
 trigger:
 event:
 - tag
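Review bot: In the added `sign:image:tag` step (third hunk), `echo $COSIGN_KEY > cosign.key` expands the secret unquoted, so the shell collapses the line breaks of what is presumably a PEM-encoded key, and it leaves the private key as a file in the step's working directory, which Drone normally shares with the other steps of the pipeline. cosign can read the key directly from the environment, so the `echo` line can be dropped and the sign line written as `cosign sign --key env://COSIGN_KEY registry.odit.services/library/nginx-brotli:${DRONE_TAG}`. The signature is also requested by tag, which is mutable between push and sign; resolving the pushed digest and signing `registry.odit.services/library/nginx-brotli@sha256:<digest-placeholder>` would bind the signature to the image that was actually built. The step that holds the signing key runs on `alpine:edge` with an unpinned `apk add cosign docker`, so pinning the image and the cosign version would keep the signer reproducible, and `"$DOCKER_PASSWORD"` should be quoted in the login line for the same word-splitting reason.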