Sign Docker images and other artefacts with cosign

Lucas0T · Lucas0T · commit ebe45b59d9a2 · 2025-08-25T11:57:41.000Z
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -269,6 +269,9 @@ jobs:
       - script-integration-test
       - env-var-check
     runs-on: ubuntu-24.04
+    permissions:
+      packages: write
+      id-token: write
     if: ${{ ! startsWith(github.head_ref, 'dependabot/')}}
 
     steps:
@@ -316,6 +319,9 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3
 
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3
         with:
@@ -337,6 +343,7 @@ jobs:
             type=semver,pattern={{major}}.{{minor}}
 
       - name: Build and push
+        id: docker-build-push
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           context: .
@@ -345,6 +352,9 @@ jobs:
           tags: ${{ steps.docker-meta.outputs.tags }}
           labels: ${{ steps.docker-meta.outputs.labels }}
 
+      - name: Sign GHCR Image
+        run: cosign sign --yes "ghcr.io/${{ github.repository }}@${{ steps.docker-build-push.outputs.digest }}"
+
       - name: Release
         uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2
         if: startsWith(github.ref, 'refs/tags/')
diff --git a/README.md b/README.md
@@ -34,6 +34,28 @@ TORCH interacts with the following components directly:
 The reverse proxy allows for integration into a site's multi-server infrastructure and provides a means of serving
 the extracted data.
 
+## Verification
+
+For container images, we use cosign to sign images. This allows users to confirm the image was built by the expected CI
+pipeline and has not been modified after publication.
+```
+cosign verify "ghcr.io/medizininformatik-initiative/torch:v1.0.0" \
+--certificate-identity-regexp "https://github.com/medizininformatik-initiative/torch.*" \
+--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
+--certificate-github-workflow-ref="refs/tags/v1.0.0" \
+-o text
+```
+The expected output is:
+```
+Verification for ghcr.io/medizininformatik-initiative/torch:v1.0.0 --
+The following checks were performed on each of these signatures:
+- The cosign claims were validated
+- Existence of the claims in the transparency log was verified offline
+- The code-signing certificate was verified using trusted certificate authority certificates
+```
+This output ensures that the image was build on the GitHub workflow on the repository
+`medizininformatik-initiative/torch` and tag `v1.0.0`.
+
 ### Cohort Selection
 
 TORCH supports CQL or FHIR Search for the cohort selection part.
