1#!/usr/bin/env bash
2set -o pipefail -o errexit -o nounset -x
3
4readonly COSIGN="{{cosign_path}}"
5readonly CRANE="{{crane_path}}"
6readonly REPOSITORY_FILE="{{full_repo_ref_file}}"
7readonly COSIGN_KEY="{{cosign_key}}"
8readonly SKIP_CONFIRMATION="{{skip_confirmation}}"
9
10REPOSITORY=$(tr -d '\n' < "$REPOSITORY_FILE")
11KEY=$(tr -d '\n' < "$COSIGN_KEY")
12
13
14"$COSIGN" sign "$REPOSITORY" "$SKIP_CONFIRMATION" --key="${KEY}"
15
16REGISTRY=$(echo "$REPOSITORY" | cut -d '@' -f1)
17CONTAINER_DIGEST=$(echo "$REPOSITORY" | cut -d ':' -f2 )
18SIGNATURE_TAG="sha256-${CONTAINER_DIGEST}.sig"
19
20SIGNATURE_DIGEST=$(${CRANE} digest "${REGISTRY}:${SIGNATURE_TAG}")
21SIGNATURE_REPOSITORY="${REGISTRY}@${SIGNATURE_DIGEST}"
22
23echo "$SIGNATURE_REPOSITORY"
View as plain text