Text file src/github.com/sigstore/rekor/release/ko-sign-release-images.sh

Documentation: github.com/sigstore/rekor/release

     1#!/usr/bin/env bash
     2
     3# Copyright 2022 The Sigstore Authors
     4#
     5# Licensed under the Apache License, Version 2.0 (the "License"";
     6# you may not use this file except in compliance with the License.
     7# You may obtain a copy of the License at
     8#
     9#      http://www.apache.org/licenses/LICENSE-2.0
    10#
    11# Unless required by applicable law or agreed to in writing, software
    12# distributed under the License is distributed on an "AS IS" BASIS,
    13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14# See the License for the specific language governing permissions and
    15# limitations under the License.
    16
    17set -o errexit
    18set -o nounset
    19set -o pipefail
    20
    21: "${GIT_HASH:?Environment variable empty or not defined.}"
    22: "${GIT_VERSION:?Environment variable empty or not defined.}"
    23: "${PROJECT_ID:?Environment variable empty or not defined.}"
    24: "${KEY_LOCATION:?Environment variable empty or not defined.}"
    25: "${KEY_RING:?Environment variable empty or not defined.}"
    26: "${KEY_NAME:?Environment variable empty or not defined.}"
    27: "${KEY_VERSION:?Environment variable empty or not defined.}"
    28
    29if [[ ! -f rekorServerImagerefs ]]; then
    30    echo "rekorServerImagerefs not found"
    31    exit 1
    32fi
    33
    34if [[ ! -f rekorCliImagerefs ]]; then
    35    echo "rekorCliImagerefs not found"
    36    exit 1
    37fi
    38
    39if [[ ! -f bRedisImagerefs ]]; then
    40    echo "bRedisImagerefs not found"
    41    exit 1
    42fi
    43
    44echo "Signing images with GCP KMS Key..."
    45cosign sign --yes --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat rekorServerImagerefs)
    46cosign sign --yes --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat rekorCliImagerefs)
    47cosign sign --yes --key "gcpkms://projects/$PROJECT_ID/locations/$KEY_LOCATION/keyRings/$KEY_RING/cryptoKeys/$KEY_NAME/versions/$KEY_VERSION" -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat bRedisImagerefs)
    48
    49echo "Signing images with Keyless..."
    50cosign sign --yes -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat rekorServerImagerefs)
    51cosign sign --yes -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat rekorCliImagerefs)
    52cosign sign --yes -a GIT_HASH="$GIT_HASH" -a GIT_VERSION="$GIT_VERSION" $(cat bRedisImagerefs)

View as plain text