
Sign Older Plugins

Sign Older Plugins #1

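# Manually dispatched workflow that signs plugin and ruleset artifacts already
# present under ghcr.io/falcosecurity/plugins. The first job emits a fixed list
# of {repository ref, digest, tags} entries; the second job fans out over that
# list and runs `cosign sign` on each `ref@digest` using the GitHub OIDC token.
name: Sign Older Plugins

on:
  workflow_dispatch:

jobs:
  # Despite its name, this job publishes nothing: its single step echoes a
  # constant JSON array into the job output consumed by the signing matrix.
  publish-oci-artifacts:
    runs-on: ubuntu-latest
    # The step below touches neither the repository nor the registry, so the
    # job token is given no scopes (the original granted packages: write).
    permissions: {}
    outputs:
      matrix: ${{ steps.oci_build.outputs.REGISTRY_UPDATE_STATUS }}
    steps:
      - name: Get plugin update matrix
        id: oci_build
        # The JSON must stay on one line: the `KEY=value` form of
        # $GITHUB_OUTPUT cannot carry a multi-line value. Each entry names an
        # artifact by sha256 digest; the signing step uses only `ref` and
        # `digest`, not `tags`.
        run: |
          REGISTRY_UPDATE_STATUS='[{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/k8saudit"},"artifact":{"digest":"sha256:2c6ca9f7dac52a911f78269c65e988764eb682e8a98716484ebec9b7e01163bf","tags":["0.5.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/k8saudit"},"artifact":{"digest":"sha256:a366c11e6362c960d2103a84a27b6508cff0f38f3e255ab39be1b3efde939b98","tags":["0.5.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/k8saudit"},"artifact":{"digest":"sha256:8e5dcfdd6d8ab06ad862c32dc6ebe99272502edf9de703d135d3ada51c4ac334","tags":["0.5.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/k8saudit"},"artifact":{"digest":"sha256:91b2b7a9944d21eea2134879c9940573ad08f2bd0959787e22e0a351079cb261","tags":["0.5.3"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/k8saudit"},"artifact":{"digest":"sha256:79ee10b8d6d694e5c7690072b18a10162133caf2a509bd6887701847655cffe1","tags":["0.6.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/json"},"artifact":{"digest":"sha256:2cdba50fb80b7871c569363d2179fff08f9bd185cd45500bb29c63ece8c200a0","tags":["0.6.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/json"},"artifact":{"digest":"sha256:b13ff528c882e16fc7064aefb29515329252e83dc68dab5af9ad5149eb1abb4a","tags":["0.6.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/json"},"artifact":{"digest":"sha256:77fa6737f0146ebb82edc3f49f5409ae17fda9548f94b63fce8bf3c71617cc99","tags":["0.6.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/json"},"artifact":{"digest":"sha256:cff34898d5853e2db8ffe75dff1cea7f1cdd275f0a59b21132e8d3eff2f80c8b","tags":["0.7.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit-eks"},"artifact":{"digest":"sha256:86066a2e598c04875ec8144eb1876a7f0835b09963ea5db2218a30c5a99bdf3e","tags":["0.1.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit-eks"},"artifact":{"digest":"sha256:4c6572b9e30be810638717a967c8cc71cb8145d2c1ef917c3e0372048a72c8d1","tags":["0.1.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit-eks"},"artifact":{"digest":"sha256:7418a0c01bf0eb6f1aead221cb9e1869287ee41cfbb6fc7846370ded9752afd3","tags":["0.1.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit-eks"},"artifact":{"digest":"sha256:8dad26326a154383e1a68d3b082679126c0f354c20c251ab3d3b548ac5d7fc3c","tags":["0.2.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit"},"artifact":{"digest":"sha256:7081acb636b9017850a4cdea58c3ecf2cde09b426da21a72fdfb434d1ff8ba76","tags":["0.5.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit"},"artifact":{"digest":"sha256:7c7af9315ea63dabc6c6caeeea92c084f33a1ae674e1c1b6c6c9c3825bbf054f","tags":["0.5.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit"},"artifact":{"digest":"sha256:d8d90dee3e73d02a65d2681a34e7fc7e046e2010b7427eecd3e2bbecd576bf0e","tags":["0.5.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit"},"artifact":{"digest":"sha256:2497cdd0531d8927b736729c4d891bbc61f451445f378ceef74f212675523894","tags":["0.5.3"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/k8saudit"},"artifact":{"digest":"sha256:1ff068506c425d8d7651758ededf02c3c35834189265c4753ad674c87504048b","tags":["0.6.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/cloudtrail"},"artifact":{"digest":"sha256:54cf852bbbd9b3eb778bef481c9e94e7747dda5d3af285b3f030f7b439c12589","tags":["0.7.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/cloudtrail"},"artifact":{"digest":"sha256:ca490aeda00386b1894f23b29657f92f0dfd351ce051c8ddc29f4a9194e65b70","tags":["0.7.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/cloudtrail"},"artifact":{"digest":"sha256:fe26ea0bdae66a858e4eb074716e73404b46b64f79ac9db15a0b40588bbc9dc8","tags":["0.7.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/cloudtrail"},"artifact":{"digest":"sha256:c388860836c8e67597729060d2d5e9705ad534879e056a9f80b1a9925f9c101e","tags":["0.7.3"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/cloudtrail"},"artifact":{"digest":"sha256:68469b3a24883ad4a9f1f852d13b16688434e0344925c1d4c39485d8ca16d357","tags":["0.8.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/cloudtrail"},"artifact":{"digest":"sha256:b2497303ac87643240cf18cbe2bb16e272e94e2b86c89626700455ff9cb66506","tags":["0.7.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/cloudtrail"},"artifact":{"digest":"sha256:27a44e7bfab4ea2e6f89340f0e77c076c83a447145db73d5b325fc6d873ee39e","tags":["0.7.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/cloudtrail"},"artifact":{"digest":"sha256:056c1d38d59739d92e3fd874212a8bf0da6197adaa5f704b66c8b4781df2e492","tags":["0.7.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/cloudtrail"},"artifact":{"digest":"sha256:ad7e57d6b0d4edd14c0e395ce438edb8c78f7b1e6cdb06b7c03ed50cfc7484b2","tags":["0.7.3"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/cloudtrail"},"artifact":{"digest":"sha256:20367a0d1195cb5d76e43ff62152f00c7f8bd68f6add99d0da8b6b137a370f8a","tags":["0.8.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/dummy"},"artifact":{"digest":"sha256:9b5ed956d537c85527518c970f2b8f7f2d40b7b91334994d0c615418725ee146","tags":["0.8.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/dummy"},"artifact":{"digest":"sha256:7bc4a8b9cdba62e639aa25257c85db1714641c488b904afa6e64ddc6ee0d0c88","tags":["0.8.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/dummy"},"artifact":{"digest":"sha256:d37c4ffc6a12173a920390f9a861216d9884d7363b56d721c9deaaaa59bde947","tags":["0.8.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/dummy"},"artifact":{"digest":"sha256:361b0a27b6cdd4c36e344c3d0da4c06ba139afbfa4abf7cece8d61ea3e5ee67d","tags":["0.8.3"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/dummy"},"artifact":{"digest":"sha256:6cc01e8d11519f13cbe80e81af50b1617266cadf80ef67c4f68c66bd741b29b0","tags":["0.9.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/github"},"artifact":{"digest":"sha256:667e2ddf3af8f4a07a120e7fc2b3407730539fffede90c4fdfdb947bf07319c9","tags":["0.5.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/github"},"artifact":{"digest":"sha256:344cf183d51e0a702efe0b04805b6a1546f270fd86c4e97e412684473876235d","tags":["0.5.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/github"},"artifact":{"digest":"sha256:194eb517140d56ff3199cc94e4c96e82e2f9c408b1f3b08bff089c3ccb79ce77","tags":["0.5.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/github"},"artifact":{"digest":"sha256:2424f0aab99ba96f5e80caa28963e831081a38c6eedb2da70954faf3912f7482","tags":["0.5.3"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/github"},"artifact":{"digest":"sha256:95f2fda9d4830d00c65090806370df93eeb31eb89876e2fee7eb1a6678b3ee71","tags":["0.6.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/okta"},"artifact":{"digest":"sha256:23d4c322c7ed8c8e58c438b8a96049e3f74cbdf0eed2eb839074e34233da838c","tags":["0.5.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/okta"},"artifact":{"digest":"sha256:74e652f28595ed09a6aced90f7fdd595bcfb585a312539b0327028e6f5965058","tags":["0.6.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/okta"},"artifact":{"digest":"sha256:63596d2c1815459ea556d4f2605c315d3da7a83b8ad701084275b00c4bb49531","tags":["0.7.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/okta"},"artifact":{"digest":"sha256:a0a2acebb39eb726dd2089b279f8477ffbcb4d6762570710a0e0262015f402b8","tags":["0.8.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/github"},"artifact":{"digest":"sha256:6942bd09af1d4ee9cf30f5217696af7ca88896073b4b9732d607827380d96513","tags":["0.5.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/github"},"artifact":{"digest":"sha256:c7633f63f3537d44cd17e1f215d82ed4356f7bec75f717c2880404b1fc45eca4","tags":["0.5.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/github"},"artifact":{"digest":"sha256:cab03e5049c66e1911d37ec233a417c8a140ac9b01fa355f6ca6cda7b583908a","tags":["0.5.2"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/github"},"artifact":{"digest":"sha256:1b2cc353664dbc7e2e15261b2a257c254afc7ad5cd880d0d25fd67858ee7a895","tags":["0.5.3"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/github"},"artifact":{"digest":"sha256:19628cc80ea15d380c31247442bea3524dba4326a97d6ca8973c4d9cd3cbaa36","tags":["0.6.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/okta"},"artifact":{"digest":"sha256:ceaebae71ec8f3797397217e2e70712c4aea907f0bec1549a1c5f96d11966137","tags":["0.5.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/okta"},"artifact":{"digest":"sha256:9ecb83c93404ebae864424aabed8d393687162ce3cb426be90f0e3dff7341e55","tags":["0.6.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/okta"},"artifact":{"digest":"sha256:5b3e1cfc32e2fbecda6d999fd1a1de84baae117f323dc02f282400962ed7c7cb","tags":["0.7.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/ruleset/okta"},"artifact":{"digest":"sha256:e1b647772aa973c212ca4bf3fa2033ab8a52002b21fb62042f7d34b55c82ab9e","tags":["0.8.0"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/dummy_c"},"artifact":{"digest":"sha256:e65cf2727a91facae6484fdee8eb6e3de9cfc6d2cc8b1ef1fa4ba074043f6c72","tags":["0.2.1"]}},{"repository":{"ref":"ghcr.io/falcosecurity/plugins/plugin/dummy_c"},"artifact":{"digest":"sha256:05341840dc2d7df3969fb79eb317e37dbcaac7301be801bff1421c31e64c36fb","tags":["0.2.2"]}}]'
          echo "REGISTRY_UPDATE_STATUS=${REGISTRY_UPDATE_STATUS}" >> "$GITHUB_OUTPUT"

  # Create signatures of the plugin artifacts as OCI artifacts
  sign-oci-artifacts:
    needs: [publish-oci-artifacts]
    runs-on: ubuntu-latest
    if: ${{ needs.publish-oci-artifacts.outputs.matrix != '[]' }}
    strategy:
      matrix:
        value: ${{ fromJson(needs.publish-oci-artifacts.outputs.matrix) }}
    # id-token: write lets the job request the OIDC token cosign signs with;
    # packages: write lets it push the signature to ghcr.io. Every action
    # used in this job runs with both, so each `uses:` ref below is part of
    # the signing trust boundary.
    permissions:
      contents: read
      id-token: write
      packages: write
    steps:
      - name: Install Cosign
        # NOTE(review): the ref on this line was lost to e-mail obfuscation
        # on the page this listing was captured from (it rendered as
        # `sigstore/[email protected]`). The value below is a placeholder, not
        # a real ref: restore the original release, ideally as a full commit
        # SHA with the tag in a trailing comment.
        uses: sigstore/cosign-installer@RELEASE_TAG_OR_COMMIT_SHA_PLACEHOLDER
        with:
          cosign-release: 'v2.1.0'
      - run: cosign version
      - name: Log into ghcr.io
        # Was `@master`, a branch ref: whatever was pushed there next would
        # run with this job's OIDC and registry-write permissions. A release
        # tag narrows that; a full commit SHA of the reviewed release removes
        # the mutable reference entirely and is the preferred form here.
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Sign the artifacts with GitHub OIDC Token
        # Matrix values reach the shell as environment variables, not as
        # text spliced into the script: a `${{ }}` expression inside `run:`
        # is substituted before bash parses the line. Today the values are a
        # constant from the job above; this keeps the step safe if that list
        # is ever generated instead.
        env:
          ARTIFACT_REF: ${{ matrix.value.repository.ref }}
          ARTIFACT_DIGEST: ${{ matrix.value.artifact.digest }}
        # Signing ref@digest binds the signature to exact content rather
        # than to a tag that can be moved.
        run: cosign sign --yes "${ARTIFACT_REF}@${ARTIFACT_DIGEST}"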