@@ -79,10 +79,25 @@ jobs:
7979 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release-please.outputs.release_tag_name }}
8080labels : ${{ steps.meta.outputs.labels }}
8181
82+
83+ - name : Install cosign
84+ uses : sigstore/cosign-installer@main
85+ with :
86+ cosign-release : ' v1.13.0'
87+
88+ - name : Sign release image
89+ run : |
90+ cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }}
91+ # Displays the public key to share.
92+ cosign public-key --key env://COSIGN_PRIVATE_KEY > ./cosign.pub
93+ env :
94+ COSIGN_PRIVATE_KEY : ${{secrets.COSIGN_PRIVATE_KEY}}
95+ COSIGN_PASSWORD : ${{secrets.COSIGN_PASSWORD}}
96+ if : ${{ env.DRY_RUN != 'true' }}
97+
8298 release-assets :
8399 permissions :
84100 contents : write # for softprops/action-gh-release to create GitHub release
85- packages : write # for package signing
86101 needs : build-oci
87102 runs-on : ubuntu-latest
88103 if : ${{ needs.release-please.outputs.release_created }}
@@ -105,21 +120,6 @@ jobs:
105120
106121uses : anchore/sbom-action@v0
107122
108- - name : Install cosign
109- uses : sigstore/cosign-installer@main
110- with :
111- cosign-release : ' v1.13.0'
112-
113- - name : Sign release image
114- run : |
115- cosign sign --key env://COSIGN_PRIVATE_KEY ghcr.io/open-feature/open-feature-operator:${{ needs.release-please.outputs.release_tag_name }}
116- # Displays the public key to share.
117- cosign public-key --key env://COSIGN_PRIVATE_KEY > ./cosign.pub
118- env :
119- COSIGN_PRIVATE_KEY : ${{secrets.COSIGN_PRIVATE_KEY}}
120- COSIGN_PASSWORD : ${{secrets.COSIGN_PASSWORD}}
121- if : ${{ env.DRY_RUN != 'true' }}
122-
123123 - name : Release
124124 uses : softprops/action-gh-release@v1
125125 with :
0 commit comments