drone-cosign-plugin

v0.0.0-...-670dc51
Published: Nov 22, 2022 License: BlueOak-1.0.0

README

Drone cosign Plugin

A Drone plugin to sign container images using sigstore.

IMPORTANT:

  • The plugin is under development and currently does not support all the options provided by cosign.
  • The current version only supports keyful signing and verification using keys.

Usage

The following settings change this plugin's behavior.

  • key: The private key file that will be used to sign the image, or the public key file that will be used to verify the image.
  • key_password: The password to use with the key. If not provided, the plugin looks up an environment variable named COSIGN_PASSWORD.
  • verify: Flag that selects between signing and verifying.
  • key_password: The Google Cloud region to set as default region. If provided the Artifact Registry for Docker will be enabled in these regions.
  • images: An array of images that need to be signed.
  • insecure: Whether an insecure registry is used. Should only be used for testing/development.
  • dry_run: Whether to upload the signature to the repository.
  • check_claims: Flag to indicate whether to check the claims. Defaults to true.

Sign

kind: pipeline
type: docker
name: default

steps:
- name: sign
  image: kameshsampath/drone-cosign
  pull: never
  settings:
      # path relative to sources or load it from secret
      key: cosign.key
      key_password: 
        from_secret: key_password
      images: 
        - mycontainer-registry/my-image:latest@sha256:fc48fd8b997337537ddd4cf954931bddbcf28467c326645d87f83b0e0d46f4f9

Verify

kind: pipeline
type: docker
name: default

steps:
# build docker image 
- name: verify
  image: kameshsampath/drone-cosign
  pull: never
  settings:
      verify: true
      # path relative to sources or load it from secret
      key: cosign.pub
      images: 
        - mycontainer-registry/my-image:latest@sha256:fc48fd8b997337537ddd4cf954931bddbcf28467c326645d87f83b0e0d46f4f9

Please check the examples folder for .drone.yml with other settings.
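
A pre-flight check for the images setting, as an added example that is not part of the plugin's code: it flags references that are not pinned by digest, since a tag can be repointed between build and signing while a digest cannot. The helper names are hypothetical, and it assumes Drone's convention of passing an array setting to the plugin as one comma-separated PLUGIN_IMAGES value.

```go
package main

import (
	"fmt"
	"os"
	"regexp"
	"strings"
)

// digestRe matches a reference that ends in a sha256 digest.
var digestRe = regexp.MustCompile(`@sha256:[a-f0-9]{64}$`)

// splitImages (hypothetical helper) parses a PLUGIN_IMAGES value,
// assumed to be a comma-separated list, dropping empty entries.
func splitImages(env string) []string {
	var out []string
	for _, s := range strings.Split(env, ",") {
		if s = strings.TrimSpace(s); s != "" {
			out = append(out, s)
		}
	}
	return out
}

// unpinnedImages (hypothetical helper) returns the references that are
// identified by tag or bare name only, not by digest.
func unpinnedImages(images []string) []string {
	var bad []string
	for _, img := range images {
		if !digestRe.MatchString(img) {
			bad = append(bad, img)
		}
	}
	return bad
}

func main() {
	env := os.Getenv("PLUGIN_IMAGES")
	if env == "" {
		// Constructed sample: the bare name used in the Testing section.
		env = "foo/example"
	}
	if bad := unpinnedImages(splitImages(env)); len(bad) > 0 {
		fmt.Fprintf(os.Stderr, "not pinned by digest: %s\n", strings.Join(bad, ", "))
		os.Exit(1)
	}
	fmt.Println("all images pinned by digest")
}
```

Run as a step before the sign step, it exits non-zero when any entry lacks a digest.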

Building

Run the following command to build and push the image manually:

drone exec

Testing

# Run the plugin locally; the key and its password come from the caller's environment.
docker run --rm \
  -e PLUGIN_KEY="$PLUGIN_COSIGN_KEY" \
  -e PLUGIN_IMAGES="foo/example" \
  -e PLUGIN_KEY_PASSWORD="$PLUGIN_COSIGN_KEY_PASSWORD" \
  kameshsampath/drone-cosign

Directories

Path Synopsis
cmd
