This repository was archived by the owner on Apr 22, 2024. It is now read-only.

Commit 0811d47

committed
chore: add checksum signing
sign checksum to verify its integrity
1 parent e36da20 commit 0811d47


2 files changed

+11
-1
lines changed


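--- a/.github/workflows/test-iso.yml
+++ b/.github/workflows/test-iso.yml
@@ -21,6 +21,7 @@ jobs:
 permissions:
 contents: read
 packages: write
+id-token: write
 strategy:
 fail-fast: false
 matrix:
@@ -55,4 +56,4 @@ jobs:
 run: exit 1
 - name: Exit
 shell: bash
-run: exit 0
+run: exit 0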
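Review bot: `id-token: write` is granted in the job-level `permissions` block, so every step of this job can request an OIDC token, including the `make install-deps` step and the third-party actions that the composite action runs, not only the cosign step that needs it. A comment on that line would record the reason and keep the grant from being widened or dropped later, for example `# id-token: write is needed only for cosign keyless signing of the ISO checksum`. If this workflow also runs for pull requests from forks, no OIDC token is issued there and the new signing step would fail; the trigger is outside the hunk, so this needs confirming against the `on:` block.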

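--- a/action.yml
+++ b/action.yml
@@ -74,6 +74,9 @@ runs:
 ref: ${{ inputs.ACTION_REF }}
 submodules: recursive
 
+- name: install cosign
+uses: sigstore/[email protected]
+
 - name: Install dependencies
 shell: bash
 run: make install-deps
@@ -124,6 +127,12 @@ runs:
 sha256sum ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso > ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}-CHECKSUM
 mv ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.iso end_iso/
 
+- name: sign checksum
+shell: bash
+run: |
+cosign sign-blob ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}-CHECKSUM --bundle ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.bundle
+cosign verify-blob ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}-CHECKSUM --bundle ./end_iso/${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}.bundle
+
 - name: Upload ISO as artifact
 uses: actions/upload-artifact@v4
 with: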
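Review bot: The `cosign verify-blob` call in the new `sign checksum` step pins no signer identity, so at best it shows that the bundle matches the checksum file, not that the expected workflow produced it. cosign 2.x also rejects keyless verification without `--certificate-identity` and `--certificate-oidc-issuer` (or their regexp forms), though the installed version is not readable on this page. Anyone verifying the published bundle later needs the same two values, so they should be documented with the release. Both commands expand `${{ inputs.* }}` directly into the script, as the existing `sha256sum` line does; passing the name through `env:` and quoting it keeps an unexpected input value from being parsed as shell. `sign-blob` may additionally need `--yes` on a non-interactive runner, depending on the cosign version.

```yaml
- name: sign checksum
  shell: bash
  env:
    ARTIFACT: ${{ inputs.IMAGE_NAME }}-${{ inputs.IMAGE_TAG || inputs.VERSION }}
  run: |
    cosign sign-blob --yes "./end_iso/${ARTIFACT}-CHECKSUM" \
      --bundle "./end_iso/${ARTIFACT}.bundle"
    # Pin who may have signed: placeholder below must be replaced with the
    # workflow identity this repository actually signs with.
    cosign verify-blob "./end_iso/${ARTIFACT}-CHECKSUM" \
      --bundle "./end_iso/${ARTIFACT}.bundle" \
      --certificate-identity-regexp '<EXPECTED_WORKFLOW_IDENTITY_REGEX>' \
      --certificate-oidc-issuer https://token.actions.githubusercontent.com
```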
