File tree Expand file tree Collapse file tree 2 files changed +10
-2
lines changed
Expand file tree Collapse file tree 2 files changed +10
-2
lines changed Original file line number Diff line number Diff line change 1+ ---
2+ fixes :
3+ - |
4+ Updates the command to retrieve the correct digest sha256 of a docker image
5+ after it has been pushed to a container registry in the release script.
6+ Previously, the script was incorrectly attempting to get the sha256 from
7+ the local docker images, which does not provide the correct digest needed
8+ for signing the image with cosign. The fix uses `docker inspect` to get
9+ the digest from the pushed image in the registry.
Original file line number Diff line number Diff line change @@ -449,9 +449,8 @@ container_release_file(){
449449 export COSIGN_PASSWORD
450450 docker tag " $container_image_id " " $CONTAINER_PUSH_REGISTRY " " $lfn_umbrella " " $name " " $VERSION "
451451 docker push " $CONTAINER_PUSH_REGISTRY " " $lfn_umbrella " " $name " " $VERSION "
452- image_sha =$( docker images --no-trunc --quiet \
452+ image_digest =$( docker inspect --format= ' {{index .RepoDigests 0}} '
453453 " $CONTAINER_PUSH_REGISTRY " " $lfn_umbrella " " $name " " $VERSION " )
454- image_digest=" $CONTAINER_PUSH_REGISTRY /$lfn_umbrella /$name @$image_sha "
455454 cosign sign -y --key " $COSIGN_PRIVATE_KEY " " $image_digest "
456455 fi
457456 echo " #########################"
You can’t perform that action at this time.
0 commit comments