
Commit c1c6ab2

Adding image integrity signatures for Gitlab images (#737)
1 parent c007c57 commit c1c6ab2

1 file changed

Lines changed: 6 additions & 1 deletion


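--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,6 +10,9 @@ ci image:
 stage: build
 image: registry.ddbuild.io/images/docker:20.10
 tags: ["arch:arm64"]
+id_tokens:
+DDSIGN_ID_TOKEN:
+aud: image-integrity
 needs: []
 rules:
 - if: '$CI_COMMIT_BRANCH == "main" && $CI_PIPELINE_SOURCE == "push"'
@@ -19,7 +22,9 @@ ci image:
 variables:
 DOCKER_TARGET: ${DOCKER_TARGET_IMAGE}:${DOCKER_TARGET_VERSION}
 script:
-- docker buildx build --platform linux/amd64,linux/arm64 --no-cache --pull --push --tag ${DOCKER_TARGET} -f .gitlab/Dockerfile .
+- METADATA_FILE=$(mktemp)
+- docker buildx build --platform linux/amd64,linux/arm64 --no-cache --pull ---tag ${DOCKER_TARGET} -f .gitlab/Dockerfile -push --metadata-file ${METADATA_FILE} .
+- ddsign sign ${DOCKER_TARGET} --docker-metadata-file ${METADATA_FILE}
 
 .go-cache: &go-cache
 key: datadog-lambda-js-go-cache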
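Review bot: The rewritten `docker buildx build` line in the `script:` section carries `---tag` (three dashes) and `-push` (one dash), where the removed line had `--tag` and `--push`. As written, buildx would most likely reject these flags and the job would fail before `ddsign sign` runs, so no image is pushed or signed. Unless this is a rendering artifact, the line should read `- docker buildx build --platform linux/amd64,linux/arm64 --no-cache --pull --push --tag ${DOCKER_TARGET} -f .gitlab/Dockerfile --metadata-file ${METADATA_FILE} .`. It is also worth confirming that `ddsign sign` binds the signature to the digest recorded in the metadata file rather than to the mutable `${DOCKER_TARGET}` tag; presumably that is what `--docker-metadata-file` is for, but the hunk does not show it.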
