From 8b61a1bfa7d0f7f7e1fc6ad8999f53b81d3a660e Mon Sep 17 00:00:00 2001
From: rjshrjndrn
Date: Thu, 26 Jan 2023 10:52:05 +0100
Subject: [PATCH] chore(build): Adding container signing to alerts and crons

Signed-off-by: rjshrjndrn
---
 api/build.sh | 4 ++--
 api/build_alerts.sh | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/api/build.sh b/api/build.sh
index 0e82088fe..4977d2747 100644
--- a/api/build.sh
+++ b/api/build.sh
@@ -59,11 +59,11 @@ function build_api(){
 check_prereq
 build_api $environment
 echo buil_complete
-IMAGE_TAG=$IMAGE_TAG PUSH_IMAGE=$PUSH_IMAGE DOCKER_REPO=$DOCKER_REPO bash build_alerts.sh $1
+IMAGE_TAG=$IMAGE_TAG PUSH_IMAGE=$PUSH_IMAGE DOCKER_REPO=$DOCKER_REPO SIGN_IMAGE=$SIGN_IMAGE SIGN_KEY=$SIGN_KEY bash build_alerts.sh $1
 [[ $environment == "ee" ]] && {
 cp ../ee/api/build_crons.sh .
- IMAGE_TAG=$IMAGE_TAG PUSH_IMAGE=$PUSH_IMAGE DOCKER_REPO=$DOCKER_REPO bash build_crons.sh $1
+ IMAGE_TAG=$IMAGE_TAG PUSH_IMAGE=$PUSH_IMAGE DOCKER_REPO=$DOCKER_REPO SIGN_IMAGE=$SIGN_IMAGE SIGN_KEY=$SIGN_KEY bash build_crons.sh $1
 exit_err $?
 rm build_crons.sh
 } || true
diff --git a/api/build_alerts.sh b/api/build_alerts.sh
index 81c4cdb36..b3c738b99 100644
--- a/api/build_alerts.sh
+++ b/api/build_alerts.sh
@@ -40,6 +40,9 @@ function build_alerts(){
 docker tag ${DOCKER_REPO:-'local'}/alerts:${image_tag} ${DOCKER_REPO:-'local'}/alerts:${tag}latest
 docker push ${DOCKER_REPO:-'local'}/alerts:${tag}latest
 }
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/alerts:${image_tag}
+ }
 echo "completed alerts build"
 }
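Review bot: The `bash build_alerts.sh $1` line now forwards `SIGN_IMAGE` and `SIGN_KEY`, but its exit status is never checked, whereas the `build_crons.sh` call is followed by `exit_err $?`. Unless an earlier part of build.sh enables `set -e`, a failed signing step in the alerts build would leave this script reporting success with an unsigned image already pushed; adding `exit_err $?` on the line after the `build_alerts.sh` call makes the two calls consistent. The diffstat lists only api/build.sh and api/build_alerts.sh, so the variables passed to `build_crons.sh` take effect only if ../ee/api/build_crons.sh already has a signing step, which is not visible in this patch. The top-level script continues outside the hunk on both sides.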
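Review bot: The added `cosign sign` call signs the mutable tag `alerts:${image_tag}` rather than the digest that was just built, and it sits outside the push branch, so the signature lands on whatever the registry resolves that tag to at signing time. Resolving the pushed digest first (for example from `docker inspect --format '{{index .RepoDigests 0}}'`) and signing the `…/alerts@sha256:<digest>` reference inside the push branch ties the signature to this build. `$SIGN_KEY` is unquoted and unchecked, so an empty value makes the image reference the argument of `--key`. The result of `cosign sign` is also ignored before `echo "completed alerts build"`. Something like `cosign sign --key "${SIGN_KEY:?SIGN_KEY is required when SIGN_IMAGE=1}" "$image_ref" || exit 1` fails early in both cases; build_alerts begins outside the hunk.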