From 4d18e7e1d4e26aae8e4acd8e51f0dad8dddaa00f Mon Sep 17 00:00:00 2001 From: RoyalOughtness <129108030+RoyalOughtness@users.noreply.github.com> Date: Sat, 21 Dec 2024 16:09:50 -0800 Subject: [PATCH] fix: use ghcr for cosign (#304) Co-authored-by: Gerald Pinder --- Earthfile | 2 +- template/templates/stages.j2 | 2 +- utils/src/constants.rs | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Earthfile b/Earthfile index 44f9dd86..2b7de2b9 100644 --- a/Earthfile +++ b/Earthfile @@ -241,7 +241,7 @@ installer: SAVE ARTIFACT /out/bluebuild cosign: - FROM gcr.io/projectsigstore/cosign + FROM ghcr.io/sigstore/cosign/cosign:v2.4.1 SAVE ARTIFACT /ko-app/cosign digest: diff --git a/template/templates/stages.j2 b/template/templates/stages.j2 index 3fa08b69..a61075f9 100644 --- a/template/templates/stages.j2 +++ b/template/templates/stages.j2 @@ -24,7 +24,7 @@ COPY ./modules /modules # stage process so that adding the bins into the image # can be added to the ostree commits. FROM scratch AS stage-bins -COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /bins/cosign +COPY --from={{ blue_build_utils::constants::COSIGN_IMAGE }} /ko-app/cosign /bins/cosign COPY --from=ghcr.io/blue-build/cli: {%- if let Some(tag) = recipe.blue_build_tag -%} {{ tag }} diff --git a/utils/src/constants.rs b/utils/src/constants.rs index ef97b69c..90ff050f 100644 --- a/utils/src/constants.rs +++ b/utils/src/constants.rs @@ -74,7 +74,7 @@ pub const XDG_RUNTIME_DIR: &str = "XDG_RUNTIME_DIR"; // Misc pub const BUILD_SCRIPTS_IMAGE_REF: &str = "ghcr.io/blue-build/cli/build-scripts"; -pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:latest"; +pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:v2.4.1"; pub const OCI_ARCHIVE: &str = "oci-archive"; pub const OSTREE_IMAGE_SIGNED: &str = "ostree-image-signed"; pub const OSTREE_UNVERIFIED_IMAGE: &str = "ostree-unverified-image";