embano1 · March 11, 2022 12:15 · embano1 · Mar 11, 2022
diff --git a/workflow.yaml b/workflow.yaml
 name: image

 on:
  push:
    branches: ['main']
  workflow_dispatch:

 permissions:
  contents: read
  packages: write
  id-token: write

 jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v1
        with:
          go-version: 1.17.x
      - uses: sigstore/[email protected]

      # Build ko from HEAD, build and push an image tagged with the commit SHA,
      # then keylessly sign it with cosign.
      - name: Publish and sign image
        env:
          KO_DOCKER_REPO: ghcr.io/${{ github.repository }}
          COSIGN_EXPERIMENTAL: 'true'
        run: |
          go build ./
          echo "${{ github.token }}" | ./ko login ghcr.io --username "${{ github.actor }}" --password-stdin
          img=$(./ko build --bare --platform=all -t latest -t ${{ github.sha }} ./)
          echo "built ${img}"
          cosign sign ${img} \
              -a sha=${{ github.sha }} \
              -a run_id=${{ github.run_id }} \
              -a run_attempt=${{ github.run_attempt }}
	name: image

	on:
	push:
	branches: ['main']
	workflow_dispatch:

	permissions:
	contents: read
	packages: write
	id-token: write

	jobs:
	image:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-go@v1
	with:
	go-version: 1.17.x
	- uses: sigstore/[email protected]

	# Build ko from HEAD, build and push an image tagged with the commit SHA,
	# then keylessly sign it with cosign.
	- name: Publish and sign image
	env:
	KO_DOCKER_REPO: ghcr.io/${{ github.repository }}
	COSIGN_EXPERIMENTAL: 'true'
	run: \|
	go build ./
	echo "${{ github.token }}" \| ./ko login ghcr.io --username "${{ github.actor }}" --password-stdin
	img=$(./ko build --bare --platform=all -t latest -t ${{ github.sha }} ./)
	echo "built ${img}"
	cosign sign ${img} \
	-a sha=${{ github.sha }} \
	-a run_id=${{ github.run_id }} \
	-a run_attempt=${{ github.run_attempt }}