Added cosign

2022-05-04 22:13:04 +02:00 · 2022-05-04 22:13:04 +02:00 · 9d8b22d4e9
commit 9d8b22d4e9
parent b970ebe600
1 changed files with 19 additions and 10 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -89,7 +89,7 @@ kind: pipeline
 type: kubernetes
 name: build:tags
 steps:
-  - name: build $DRONE_TAG
+  - name: build_tag
    image: plugins/docker
    user: 0
    depends_on: [clone]
@ -103,14 +103,23 @@ steps:
        - "${DRONE_TAG}"
      registry: registry.odit.services
      mtu: 1000
-  - name: gitea_release
-    image: plugins/gitea-release
-    settings:
-      title: Release ${DRONE_TAG}
-      note: "Pull: `docker pull registry.odit.services/library/nginx-brotli:${DRONE_TAG}`"
-      api_key:
-        from_secret: gitea_token
-      base_url: https://git.odit.services
+  - name: sign_image
+    depends_on: [build_tag]
+    image: registry.odit.services/hub/library/alpine:edge
+    commands:
+      - apk add cosign docker
+      - echo $COSIGN_KEY > cosign.key
+      - echo $DOCKER_PASSWORD | docker login registry.odit.services -u $DOCKER_USERNAME --password-stdin
+      - cosign sign --key cosign.key registry.odit.services/library/nginx-brotli:${DRONE_TAG}
+    environment:
+      COSIGN_KEY:
+        from_secret: cosign_key
+      COSIGN_PASSWORD:
+        from_secret: cosign_password
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+      DOCKER_USERNAME:
+        from_secret: docker_username
 trigger:
  event:
    - tag