
Commit 81079ac

authored
updating signing key variable
1 parent 9ef7bb5 commit 81079ac


1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

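--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -32,7 +32,7 @@ jobs:
 
 - name: Run CodeQL and Record Provenance
 run: |
-in-toto-run --step "codeql-sast" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- github/codeql-action/autobuild@v3
+in-toto-run --step "codeql-sast" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- github/codeql-action/autobuild@v3
 
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v3
@@ -64,7 +64,7 @@ jobs:
 
 - name: Build and Publish Container Image and Record Provenance
 run: |
-in-toto-run --step "build-push" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- docker/build-push-action@v3
+in-toto-run --step "build-push" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- docker/build-push-action@v3
 
 trivy:
 name: Run Trivy Scan
@@ -88,7 +88,7 @@ jobs:
 
 - name: Record Trivy Scan Provenance
 run: |
-in-toto-run --step "trivy-scan" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- trivy
+in-toto-run --step "trivy-scan" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- trivy
 
 sign:
 name: Sign Container Image with Cosign
@@ -111,7 +111,7 @@ jobs:
 
 - name: Sign Container Image and Record Provenance
 run: |
-in-toto-run --step "cosign-sign" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- cosign sign --key-env COSIGN_KEY ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
+in-toto-run --step "cosign-sign" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- cosign sign --key-env COSIGN_KEY ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
 
 validate-container:
 name: Validate Container Image
@@ -134,7 +134,7 @@ jobs:
 
 - name: Verify Signature and Record Provenance
 run: |
-in-toto-run --step "validate-signature" --materials . --products . --key ${{ secrets.IN_TOTO_KEY }} -- cosign verify --key cosign.key ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
+in-toto-run --step "validate-signature" --materials . --products . --signing-key ${{ secrets.IN_TOTO_KEY }} -- cosign verify --key cosign.key ${{ secrets.DOCKER_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }}
 
 - uses: anchore/sbom-action@v0
 with: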
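Review bot: The new `--signing-key ${{ secrets.IN_TOTO_KEY }}` argument on new-side line 35 (and likewise on 67, 91, 114 and 137) expands the secret straight into the `run:` script text, while in-toto-run's `--signing-key` expects a path to a private-key file rather than key material. If `IN_TOTO_KEY` holds the PEM key itself (the page does not show what it holds), the unquoted multi-line value would break the command line and place the key in the process arguments. Passing the secret through `env:`, writing it to a file under `$RUNNER_TEMP` with a restrictive umask and handing that path to `--signing-key` avoids both, and the same pattern applies to each of the five steps. Separately, lines 35 and 67 give in-toto-run an action reference (`github/codeql-action/autobuild@v3`, `docker/build-push-action@v3`) as the wrapped command, which a shell step cannot execute, so those links probably do not attest the real work.

```yaml
- name: Record Trivy Scan Provenance
  env:
    IN_TOTO_KEY: ${{ secrets.IN_TOTO_KEY }}
  run: |
    umask 077
    key_file="$RUNNER_TEMP/in-toto.key"
    printf '%s\n' "$IN_TOTO_KEY" > "$key_file"
    in-toto-run --step "trivy-scan" --materials . --products . --signing-key "$key_file" -- trivy
    rm -f "$key_file"
```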
