Docker - Sign images


Overview

Action to sign OCI images. It is based on cosign. It signs the images with the GitHub Actions OIDC token. If the provided image does not have a digest, it will retrieve the digest using docker buildx imagetools inspect.

Permissions

If the default GitHub token is used, the following permissions are required:

permissions:
  id-token: write

Usage

- uses: hoverkraft-tech/ci-github-container/actions/docker/sign-images@e4bf7a12228a2a4b5993d2d36b99b4dd0ec80bf5 # 0.32.1
  with:
    # Images to sign.
    # Can be a single image or a list of images separated by commas or newlines or spaces.
    # The images should be in the format `registry/name:tag@digest`.
    # It can also be a list of images in JSON format.
    # Example:
    #
    # ```json
    # [
    # "ghcr.io/my-org/my-repo/application:pr-63-5222075@sha256:d31aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f49d",
    # "ghcr.io/my-org/my-repo/application:pr-63@sha256:0f5aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f402"
    # ]
    # ```
    #
    # If the image does not have a digest, it will retrieve the digest using `docker buildx imagetools inspect`.
    #
    # This input is required.
    images: ""

    # GitHub Token to sign the image.
    # Permissions:
    # - `id-token`: `write`
    #
    # Default: `${{ github.token }}`
    github-token: ${{ github.token }}

Inputs

| Input | Description | Required | Default |
| --- | --- | --- | --- |
| images | Images to sign. Can be a single image or a list of images separated by commas or newlines or spaces. The images should be in the format `registry/name:tag@digest`. It can also be a list of images in JSON format. Example: `["ghcr.io/my-org/my-repo/application:pr-63-5222075@sha256:d31aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f49d", "ghcr.io/my-org/my-repo/application:pr-63@sha256:0f5aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f402"]`. If the image does not have a digest, it will retrieve the digest using `docker buildx imagetools inspect`. | true | - |
| github-token | GitHub Token to sign the image. Permissions: `id-token`: `write` | false | `${{ github.token }}` |
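
An added example, not part of this action's code: a POSIX shell pre-check that splits an `images` value as the input is described above and lists the references with no digest (the ones the action would resolve with `docker buildx imagetools inspect`), plus a consumer-side `cosign verify` call pinned to the GitHub Actions OIDC issuer. The function names, the identity regexp passed to `verify_image` and the `:latest` sample reference are assumptions; the JSON handling is a simplification that covers flat arrays of strings.

```shell
#!/bin/sh
# Added example. Function names, the sample ":latest" reference and the
# identity regexp are assumptions, not part of the action.
set -u

# Constructed sample: two digest-pinned references and one tag-only
# reference, mixing the comma, newline and space separators.
SAMPLE_IMAGES='ghcr.io/my-org/my-repo/application:pr-63-5222075@sha256:d31aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f49d,
ghcr.io/my-org/my-repo/application:pr-63@sha256:0f5aa93410434ac9dcfc9179cac2cb1fd4d7c27f11527addc40299c7c675f402 ghcr.io/my-org/my-repo/application:latest'

# Print one reference per line. Image references never contain brackets,
# quotes or commas, so a flat JSON array of strings splits the same way.
split_images() {
  printf '%s\n' "$1" | sed 's/[][",]/ /g' | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# True when the reference ends in a full sha256 digest.
is_pinned() {
  printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$'
}

# List the references that carry no digest and would be resolved at signing time.
unpinned_images() {
  split_images "$1" | while IFS= read -r ref; do
    is_pinned "$ref" || printf '%s\n' "$ref"
  done
}

# Verify a keyless signature: $1 is a digest-pinned reference, $2 a regexp
# for the expected signing workflow identity (certificate SAN).
verify_image() {
  is_pinned "$1" || { echo "not digest-pinned: $1" >&2; return 2; }
  cosign verify \
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
    --certificate-identity-regexp "$2" \
    "$1"
}

# Demo (offline): show which sample references lack a digest.
unpinned_images "$SAMPLE_IMAGES"
```

For `verify_image`, pass a regexp anchored to the repository and workflow allowed to sign, for example one beginning with `^https://github.com/my-org/my-repo/` (placeholder organisation and repository).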

Contributing

Contributions are welcome! Please see the contributing guidelines for more details.

License

This project is licensed under the MIT License.

SPDX-License-Identifier: MIT

Copyright © 2026 hoverkraft

For more details, see the license.


This documentation was automatically generated by CI Dokumentor.