Support multiple container identities #4415
Open
+94
−31
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
emilyzheng
force-pushed
the
multi-identities
branch
from
a007d9b to
9fa4469
Compare
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4415 +/- ##
==========================================
- Coverage 40.10% 34.21% -5.89%
==========================================
Files 155 218 +63
Lines 10044 15674 +5630
==========================================
+ Hits 4028 5363 +1335
- Misses 5530 9612 +4082
- Partials 486 699 +213 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
emilyzheng
force-pushed
the
multi-identities
branch
from
9fa4469 to
7eb0302
Compare
bobcallaway
reviewed
Sep 24, 2025
cmd/cosign/cli/options/sign.go
Outdated
| "issue a code signing certificate from Fulcio, even if a key is provided") | ||
|
|
||
| cmd.Flags().StringVar(&o.SignContainerIdentity, "sign-container-identity", "", | ||
| cmd.Flags().StringArrayVar(&o.SignContainerIdentities, "sign-container-identity", nil, |
There was a problem hiding this comment.
I'd use StringSliceVar here so you can specify the values as:
--sign-container-identity=docker.io/name1:tag1,docker.io/name2:tag2
emilyzheng
force-pushed
the
multi-identities
branch
from
7eb0302 to
4ca7ac6
Compare
emilyzheng
changed the title
cmurphy
requested changes
Sep 25, 2025
There was a problem hiding this comment.
Could you add a test, either in https://github.com/sigstore/cosign/blob/main/cmd/cosign/cli/sign/sign_test.go or better in https://github.com/sigstore/cosign/blob/main/test/e2e_test.go?
emilyzheng
force-pushed
the
multi-identities
branch
from
4ca7ac6 to
c337f93
Compare
|
Added an e2e test. |
With this change, cosign sign can be run only once when an image has multiple pull references. Closes sigstore#4330 Signed-off-by: Emily Zheng <[email protected]>
emilyzheng
force-pushed
the
multi-identities
branch
from
c337f93 to
0cb682a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
With this change, cosign sign can be run only once when an image has multiple pull references.
Closes #4330
Release Note
cosign sign --sign-container-identitysupports more than one identities.Documentation