fixing cosign key issue #3

Workflow file for this run

	name: CI Pipeline

	on:
	push:
	branches:
	- main
	pull_request:

	jobs:
	codeql:
	name: Run CodeQL SAST
	runs-on: ubuntu-latest
	permissions:
	security-events: write
	steps:
	- name: Checkout Code
	uses: actions/checkout@v3

	- name: Initialize CodeQL
	uses: github/codeql-action/init@v2
	with:
	languages: javascript

	- name: Autobuild
	uses: github/codeql-action/autobuild@v2

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/analyze@v2

	build:
	name: Build Docker Image
	runs-on: ubuntu-latest
	needs: codeql
	steps:
	- name: Checkout Code
	uses: actions/checkout@v3

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v2

	- name: Log in to DockerHub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Build and Push Docker Image
	run: \|
	docker build -t ${{ secrets.DOCKER_USERNAME }}/container-security-lab:latest .
	docker push ${{ secrets.DOCKER_USERNAME }}/container-security-lab:latest

	trivy:
	name: Run Trivy Scan
	runs-on: ubuntu-latest
	needs: build

	steps:
	- name: Checkout Code
	uses: actions/checkout@v3

	- name: Install Trivy
	run: \|
	sudo apt-get install wget
	wget https://github.com/aquasecurity/trivy/releases/download/v0.40.0/trivy_0.40.0_Linux-64bit.deb
	sudo dpkg -i trivy_0.40.0_Linux-64bit.deb

	- name: Run Trivy Scan
	run: \|
	trivy image ${{ secrets.DOCKER_USERNAME }}/container-security-lab:latest

	sign:
	name: Sign Docker Image with Cosign
	runs-on: ubuntu-latest
	needs: trivy

	steps:
	- name: Checkout Code
	uses: actions/checkout@v3

	- name: Install Cosign
	run: \|
	curl -LO https://github.com/sigstore/cosign/releases/download/v1.13.1/cosign-linux-amd64
	chmod +x cosign-linux-amd64
	sudo mv cosign-linux-amd64 /usr/local/bin/cosign

	- name: Write signing key to disk
	run: \|
	echo $KEY > cosign.key
	shell: bash
	env:
	KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}

	- name: Sign Docker Image
	env:
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
	run: \|
	cosign sign --key cosign.key ${{ secrets.DOCKER_USERNAME }}/container-security-lab:latest

	validate-signature:
	name: Validate Docker Image Signature
	runs-on: ubuntu-latest
	needs: sign

	steps:
	- name: Checkout Code
	uses: actions/checkout@v3

	- name: Install Cosign
	run: \|
	curl -LO https://github.com/sigstore/cosign/releases/download/v1.13.1/cosign-linux-amd64
	chmod +x cosign-linux-amd64
	sudo mv cosign-linux-amd64 /usr/local/bin/cosign

	- name: Verify Image Signature
	run: \|
	cosign verify ${{ secrets.DOCKER_USERNAME }}/container-security-lab:latest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fixing cosign key issue #3

Workflow file

fixing cosign key issue #3

Uh oh!

Jobs

Run details

Workflow file for this run