ci(cosign): Add cosign vars to sign containers on harbor (#1451)

SwanseaUniversityMedical · Nov 2, 2023 · f53ce1b · f53ce1b
1 parent a49bee4
commit f53ce1b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/.github/workflows/on-pr-update.yaml b/.github/workflows/on-pr-update.yaml
@@ -18,7 +18,7 @@ concurrency:
 jobs:
   changes:
     # Detect which files have been changed on this PR's full history
-    uses: SwanseaUniversityMedical/workflows/.github/workflows/changes-pr.yaml@v4.1.0
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/changes-pr.yaml@v4.3.0
     with:
       slack-channel: ${{ vars.SLACK_CHANNEL }}
       filters: |
@@ -34,17 +34,20 @@ jobs:
     # Build the concept-library container and push it as :pr-42 and :pr-42-fe45b3h
     needs: changes
     if: fromJSON(needs.changes.outputs.changes).concept-library-container == 'true'
-    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-pr-update-container.yaml@v4.1.0
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-pr-update-container.yaml@v4.3.0
     with:
       job-name: concept-library-container
       container-registry: ${{ vars.HARBOR_REGISTRY }}
       container-registry-user: ${{ vars.HARBOR_USER }}
       container-registry-project: ${{ vars.HARBOR_PROJECT }}
       container-registry-repo: concept-library
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
       slack-channel: ${{ vars.SLACK_CHANNEL }}
       build-command: |
         docker build -t $IMAGE -f "docker/production/build.Dockerfile" --build-arg server_name="conceptlibrary.saildatabank.com" .
     secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
       container-registry-token: ${{ secrets.HARBOR_TOKEN }}
       slack-token: ${{ secrets.SLACK_TOKEN }}
 
diff --git a/.github/workflows/on-release.yaml b/.github/workflows/on-release.yaml
@@ -18,7 +18,7 @@ jobs:
 
   changes:
     # Detect which files have been changed on this PR's full history
-    uses: SwanseaUniversityMedical/workflows/.github/workflows/changes-release.yaml@v4.1.0
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/changes-release.yaml@v4.3.0
     with:
       slack-channel: ${{ vars.SLACK_CHANNEL }}
       filters: |
@@ -33,7 +33,7 @@ jobs:
   concept-library-container:
     needs: changes
     if: fromJSON(needs.changes.outputs.changes).concept-library-container == 'true'
-    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-release-container.yaml@v4.1.0
+    uses: SwanseaUniversityMedical/workflows/.github/workflows/on-release-container.yaml@v4.3.0
     with:
       job-name: concept-library-container
       container-registry: ${{ vars.HARBOR_REGISTRY }}
@@ -43,10 +43,13 @@ jobs:
       release-tag-format: 'Concept-Library-${version}'
       release-branches: |
         ['master']
+      cosign-public-key: ${{ vars.COSIGN_PUBLIC_KEY }}
       slack-channel: ${{ vars.SLACK_CHANNEL }}
       build-command: |
         docker build -t $IMAGE -f "docker/production/build.Dockerfile" --build-arg server_name="conceptlibrary.saildatabank.com" .
     secrets:
+      cosign-private-key: ${{ secrets.COSIGN_PRIVATE_KEY }}
+      cosign-password: ${{ secrets.COSIGN_PASSWORD }}
       container-registry-token: ${{ secrets.HARBOR_TOKEN }}
       slack-token: ${{ secrets.SLACK_TOKEN }}