1#!/usr/bin/env bash
2
3# Copyright 2022 The Sigstore Authors
4#
5# Licensed under the Apache License, Version 2.0 (the "License"";
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17set -o errexit
18set -o nounset
19set -o pipefail
20
21: "${GIT_HASH:?Environment variable empty or not defined.}"
22: "${GIT_VERSION:?Environment variable empty or not defined.}"
23
24if [[ ! -f timestampServerImagerefs ]]; then
25 echo "timestampServerImagerefs not found"
26 exit 1
27fi
28
29if [[ ! -f timestampCLIImagerefs ]]; then
30 echo "timestampCLIImagerefs not found"
31 exit 1
32fi
33
34echo "Signing images with Keyless..."
35readarray -t server_images < <(cat timestampServerImagerefs || true)
36cosign sign --yes -a GIT_HASH="${GIT_HASH}" -a GIT_VERSION="${GIT_VERSION}" "${server_images[@]}"
37cosign verify --certificate-identity-regexp ".*" --certificate-oidc-issuer-regexp ".*" "${server_images[@]}"
38
39readarray -t cli_images < <(cat timestampCLIImagerefs || true)
40cosign sign --yes -a GIT_HASH="${GIT_HASH}" -a GIT_VERSION="${GIT_VERSION}" "${cli_images[@]}"
41cosign verify --certificate-identity-regexp ".*" --certificate-oidc-issuer-regexp ".*" "${cli_images[@]}"
View as plain text