ci: Verify image at time of signing

Signed-off-by: Víctor Cuadrado Juan <[email protected]> Co-authored-by: José Guilherme Vanz <[email protected]>
kubewarden · Oct 8, 2024 · 6066471 · 6066471
1 parent e31e787
commit 6066471
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.github/workflows/sign-image.yml b/.github/workflows/sign-image.yml
@@ -30,3 +30,8 @@ jobs:
         run: |
           cosign sign --yes \
             ghcr.io/${{github.repository_owner}}/kubewarden-controller@${{ inputs.image-digest }}
+
+          cosign verify \
+            --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
+            --certificate-identity-regexp="https://github.com/${{github.repository_owner}}/kubewarden-controller*" \
+            ghcr.io/${{github.repository_owner}}/kubewarden-controller@${{ inputs.image-digest }}