Skip to content
This repository has been archived by the owner on Oct 18, 2024. It is now read-only.

Commit

Permalink
fix(build.yml): cosign check
Browse files Browse the repository at this point in the history
  • Loading branch information
scottames committed Jan 27, 2024
1 parent d513510 commit 7ccbe7f
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -60,20 +60,20 @@ jobs:
- uses: sigstore/cosign-installer@v3.3.0
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'

- name: Check SIGNING_SECRET matches cosign.pub
- name: Check COSIGN_PRIVATE_KEY matches cosign.pub
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/live'
env:
COSIGN_EXPERIMENTAL: false
COSIGN_PASSWORD: ""
COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
shell: bash
run: |
echo "Checking for difference between public key from SIGNING_SECRET and cosign.pub"
echo "Checking for difference between public key from COSIGN_PRIVATE_KEY and cosign.pub"
delta=$(diff -u <(cosign public-key --key env://COSIGN_PRIVATE_KEY) cosign.pub)
if [ -z "$delta" ]; then
echo "cosign.pub matches SIGNING_SECRET"
echo "cosign.pub matches COSIGN_PRIVATE_KEY"
else
echo "cosign.pub does not match SIGNING_SECRET"
echo "cosign.pub does not match COSIGN_PRIVATE_KEY"
echo "$delta"
exit 1
fi
Expand Down

0 comments on commit 7ccbe7f

Please sign in to comment.