| `cosign-strategy` / `DOCKER_COSIGN_STRATEGY` | Determines when images should be signed with [cosign](https://github.com/sigstore/cosign(`never`: disabled, `onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `cosign-enabled` / `DOCKER_COSIGN_ENABLED` takes precedence | `never` |
| `cosign-strategy` / `DOCKER_COSIGN_STRATEGY` | Determines when images should be signed with [cosign](https://github.com/sigstore/cosign)(`never`: disabled, `onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline) | `never` |
| `cosign-attest-opts` / `DOCKER_COSIGN_ATTEST_OPTS` | Options for [`cosign attest`](https://docs.sigstore.dev/cosign/verifying/attestation/) command
| `--tlog-upload=false` |
| `cosign-annotations` / `DOCKER_COSIGN_ANNOTATIONS` | Additional annotations to add to the signature | GitLab build provenance data |
| `cosign-dist-url` / `DOCKER_COSIGN_DIST_URL` | Url to the `linux-amd64` binary of Cosign to use (ex: `https://github.com/sigstore/cosign/releases/download/v2.5.0/cosign-linux-amd64`)<br/>_When unset, the latest version will be used_ | _none_ |
| :lock: `cosign-private-key` / `DOCKER_COSIGN_PRIVATE_KEY` | Private key used for signing the Docker image and the attestation | _none_ |
| :lock: `cosign-password` / `COSIGN_PASSWORD` | Password of the private key | _none_ |
| :lock: `DOCKER_COSIGN_PRIVATE_KEY` | Private key used for signing the Docker image and the attestation | _none_ |
| :lock: `COSIGN_PASSWORD` | Password of the private key | _none_ |
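Review bot: the rewritten `cosign-strategy` row loses the `:warning:` sentence stating that `cosign-enabled` / `DOCKER_COSIGN_ENABLED` takes precedence. If the template still reads that variable, keep the sentence so that users who set it can tell why `cosign-strategy` is being overridden; if the variable is gone, say so in the change description. In the same row the link fix leaves `cosign)(` with no space before the parenthetical, so add one. The two `:lock:` rows now list only `DOCKER_COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD`; a short remark that these are set as variables only, with no input name, would save readers from looking for one. The `cosign-attest-opts` row is also split over two lines, which leaves its default `--tlog-upload=false` on a line of its own instead of in the row's last cell.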
"description":"Determines when images should be signed with [cosign](https://github.com/sigstore/cosign (`never`: disabled, `onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).",
"description":"Determines when images should be signed with [cosign](https://github.com/sigstore/cosign) (`never`: disabled, `onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).",