Text file src/github.com/sigstore/cosign/v2/release/ko-sign-release-images.sh

Documentation: github.com/sigstore/cosign/v2/release

     1#!/usr/bin/env bash
     2
     3# Copyright 2022 The Sigstore Authors
     4#
     5# Licensed under the Apache License, Version 2.0 (the "License"";
     6# you may not use this file except in compliance with the License.
     7# You may obtain a copy of the License at
     8#
     9#      http://www.apache.org/licenses/LICENSE-2.0
    10#
    11# Unless required by applicable law or agreed to in writing, software
    12# distributed under the License is distributed on an "AS IS" BASIS,
    13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14# See the License for the specific language governing permissions and
    15# limitations under the License.
    16
    17set -o errexit
    18set -o nounset
    19set -o pipefail
    20
    21: "${GIT_HASH:?Environment variable empty or not defined.}"
    22: "${GIT_VERSION:?Environment variable empty or not defined.}"
    23: "${PROJECT_ID:?Environment variable empty or not defined.}"
    24: "${KEY_LOCATION:?Environment variable empty or not defined.}"
    25: "${KEY_RING:?Environment variable empty or not defined.}"
    26: "${KEY_NAME:?Environment variable empty or not defined.}"
    27: "${KEY_VERSION:?Environment variable empty or not defined.}"
    28
    29
    30if [[ ! -f cosignImagerefs ]]; then
    31    echo "cosignImagerefs not found"
    32    exit 1
    33fi
    34
    35if [[ ! -f cosignDevImagerefs ]]; then
    36    echo "cosignDevImagerefs not found"
    37    exit 1
    38fi
    39
    40echo "Signing cosign images with GCP KMS Key..."
    41cosign sign --yes --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat cosignImagerefs)
    42
    43echo "Signing images with Keyless..."
    44cosign sign --yes -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat cosignImagerefs)
    45
    46echo "Signing cosign images with GCP KMS Key..."
    47cosign sign --yes --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat cosignDevImagerefs)
    48
    49echo "Signing images with Keyless..."
    50cosign sign --yes -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat cosignDevImagerefs)

View as plain text