.github/workflows/release-docker-image.yml: Re-enable cosign and scan…

…ning of docker images
metal-toolbox · Jun 14, 2023 · f9bdcdc · f9bdcdc
1 parent 6566ea2
commit f9bdcdc
Showing 1 changed file with 6 additions and 7 deletions.
diff --git a/.github/workflows/release-docker-image.yml b/.github/workflows/release-docker-image.yml
@@ -34,8 +34,8 @@ jobs:
             type=semver,pattern={{raw}}
             type=sha
 
-      # - name: install cosign
-      #   uses: sigstore/cosign-installer@main
+      - name: install cosign
+        uses: sigstore/cosign-installer@main
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v2
@@ -51,7 +51,6 @@ jobs:
         id: dockerbuild
         uses: docker/build-push-action@v4
         with:
-          sbom: false
           provenance: false
           context: .
           push: true
@@ -67,10 +66,10 @@ jobs:
           # TODO(jaosorior): Fail build once we migrate off CentOS.
           fail-build: false
 
-      # - name: Sign the images with GitHub OIDC Token
-      #   run: cosign sign --recursive --yes ghcr.io/metal-toolbox/ironlib@${{ steps.dockerbuild.outputs.digest }}
-      #   env:
-      #     COSIGN_EXPERIMENTAL: true
+      - name: Sign the images with GitHub OIDC Token
+        run: cosign sign --recursive --yes ghcr.io/metal-toolbox/ironlib@${{ steps.dockerbuild.outputs.digest }}
+        env:
+          COSIGN_EXPERIMENTAL: true
 
       - uses: anchore/sbom-action/[email protected]