build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.7.0 in the production-dependencies group across 1 directory #72
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: bpfman-image-build | |
| on: # yamllint disable-line rule:truthy | |
| push: | |
| branches: [main] | |
| tags: | |
| - v* | |
| pull_request: | |
| paths: [.github/workflows/image-build.yaml] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout bpfman | |
| uses: actions/checkout@v4 | |
| - name: Build bpfman binary | |
| run: cargo build -p bpfman --verbose | |
| - name: archive bpfman binary | |
| run: | | |
| cd target/debug | |
| tar -czvf bpfman.tar.gz bpfman | |
| - name: Archive bpfman Binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bpfman | |
| path: | | |
| ./target/debug/bpfman.tar.gz | |
| build-and-push-images: | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write # needed for signing the images with GitHub OIDC Token | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| - registry: quay.io | |
| # build_language: rust - Not building locally, so don't install rust toolchain | |
| repository: bpfman | |
| image: bpfman | |
| dockerfile: ./Containerfile.bpfman | |
| context: . | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-xdp-counter | |
| context: . | |
| dockerfile: ./examples/go-xdp-counter/container-deployment/Containerfile.go-xdp-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-tc-counter | |
| context: . | |
| dockerfile: ./examples/go-tc-counter/container-deployment/Containerfile.go-tc-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-tracepoint-counter | |
| context: . | |
| dockerfile: ./examples/go-tracepoint-counter/container-deployment/Containerfile.go-tracepoint-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-kprobe-counter | |
| context: . | |
| dockerfile: ./examples/go-kprobe-counter/container-deployment/Containerfile.go-kprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-uprobe-counter | |
| context: . | |
| dockerfile: ./examples/go-uprobe-counter/container-deployment/Containerfile.go-uprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-uretprobe-counter | |
| context: . | |
| dockerfile: ./examples/go-uretprobe-counter/container-deployment/Containerfile.go-uretprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-target | |
| context: . | |
| dockerfile: ./examples/go-target/container-deployment/Containerfile.go-target | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| # build_language: go - Not building locally, so don't install go tools | |
| repository: bpfman-userspace | |
| image: go-app-counter | |
| context: . | |
| dockerfile: ./examples/go-app-counter/container-deployment/Containerfile.go-app-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| name: Build Image (${{ matrix.image.image }}) | |
| steps: | |
| - name: Checkout bpfman | |
| uses: actions/checkout@v4 | |
| - name: Install cosign | |
| uses: sigstore/[email protected] | |
| - name: Login to quay.io/bpfman | |
| uses: redhat-actions/podman-login@v1 | |
| if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman'}} | |
| with: | |
| registry: ${{ matrix.image.registry }} | |
| username: ${{ secrets.BPFMAN_USERNAME }} | |
| password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} | |
| - name: Login to quay.io/bpfman-userspace | |
| uses: redhat-actions/podman-login@v1 | |
| if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman-userspace'}} | |
| with: | |
| registry: ${{ matrix.image.registry }} | |
| username: ${{ secrets.BPFMAN_USERSPACE_USERNAME }} | |
| password: ${{ secrets.BPFMAN_USERSPACE_ROBOT_TOKEN }} | |
| - name: Extract metadata (tags, labels) for image | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | |
| tags: ${{ matrix.image.tags }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push | |
| id: build-push-image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| platforms: linux/amd64, linux/arm64 | |
| # TBD: linux/ppc64le, linux/s390x | |
| push: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| file: ${{ matrix.image.dockerfile }} | |
| build-args: ${{ matrix.image.build_args }} | |
| context: ${{ matrix.image.context }} | |
| - name: Sign the images with GitHub OIDC Token | |
| if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
| run: | | |
| readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | |
| for tag in ${tags[@]}; do | |
| cosign sign -y "${tag}@${{ steps.build-push-image.outputs.digest }}" | |
| done | |
| build-and-push-bytecode-images: | |
| needs: [build] | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write # needed for signing the images with GitHub OIDC Token | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-xdp-counter | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./examples/go-xdp-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-tc-counter | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./examples/go-tc-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-tracepoint-counter | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./examples/go-tracepoint-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-kprobe-counter | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./examples/go-kprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-uprobe-counter | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./examples/go-uprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-uretprobe-counter | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./examples/go-uretprobe-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: go | |
| bpf_build_wrapper: go | |
| repository: bpfman-bytecode | |
| image: go-app-counter | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./examples/go-app-counter | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: xdp_pass | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/xdp_pass.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: xdp_pass_private | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/xdp_pass.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: tc_pass | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/tc_pass.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: tracepoint | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/tp_openat.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: uprobe | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/uprobe.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: uretprobe | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/uprobe.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: kprobe | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/kprobe.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: kretprobe | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/kprobe.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: fentry | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/fentry.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman-bytecode | |
| image: fexit | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./tests/integration-test/bpf/.output/fentry.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| # set latest tag for default branch | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman | |
| image: xdp-dispatcher | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./.output/xdp_dispatcher_v1.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| type=raw,value=v1,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman | |
| image: xdp-dispatcher | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./.output/xdp_dispatcher_v2.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| type=raw,value=v2,enable={{is_default_branch}} | |
| - registry: quay.io | |
| build_language: rust | |
| bpf_build_wrapper: rust | |
| repository: bpfman | |
| image: tc-dispatcher | |
| context: . | |
| dockerfile: ./Containerfile.bytecode.multi.arch | |
| bytecode_dir: ./.output/tc_dispatcher.bpf | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long | |
| type=raw,value=v1,enable={{is_default_branch}} | |
| name: Build eBPF Image (${{ matrix.image.image }}) | |
| steps: | |
| - name: Checkout bpfman | |
| uses: actions/checkout@v4 | |
| - name: Install Golang | |
| uses: actions/setup-go@v5 | |
| if: ${{ matrix.image.build_language == 'go' }} | |
| with: | |
| # prettier-ignore | |
| go-version: '1.22' # yamllint disable-line rule:quoted-strings | |
| - name: Install cosign | |
| uses: sigstore/[email protected] | |
| - name: Checkout libbpf | |
| uses: actions/checkout@v4 | |
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | |
| with: | |
| repository: libbpf/libbpf | |
| path: libbpf | |
| - name: Install rust toolchain - stable | |
| uses: actions-rs/toolchain@v1 | |
| if: ${{ matrix.image.build_language == 'rust' }} | |
| with: | |
| toolchain: stable | |
| override: true | |
| - name: Install libelf-dev | |
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' || matrix.image.bpf_build_wrapper == 'go' }} | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y linux-headers-`uname -r` clang lldb lld libelf-dev gcc-multilib libbpf-dev | |
| - name: Build rust wrapped eBPF | |
| if: ${{ matrix.image.bpf_build_wrapper == 'rust' }} | |
| run: | | |
| cargo xtask build-ebpf --libbpf-dir ./libbpf | |
| - name: Generate go wrapped eBPF | |
| if: ${{ matrix.image.bpf_build_wrapper == 'go' }} | |
| run: | | |
| cd examples && make generate | |
| - name: Login to quay.io/bpfman | |
| uses: redhat-actions/podman-login@v1 | |
| if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman'}} | |
| with: | |
| registry: ${{ matrix.image.registry }} | |
| username: ${{ secrets.BPFMAN_USERNAME }} | |
| password: ${{ secrets.BPFMAN_ROBOT_TOKEN }} | |
| - name: Login to quay.io/bpfman-bytecode | |
| uses: redhat-actions/podman-login@v1 | |
| if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && matrix.image.repository == 'bpfman-bytecode' }} | |
| with: | |
| registry: ${{ matrix.image.registry }} | |
| username: ${{ secrets.BPFMAN_BYTECODE_USERNAME }} | |
| password: ${{ secrets.BPFMAN_BYTECODE_ROBOT_TOKEN }} | |
| - name: Download bpfman binary | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bpfman | |
| - name: Unpack bpfman binary | |
| run: | | |
| tar -C /usr/local/bin -xzvf bpfman.tar.gz | |
| - name: Extract metadata (tags, labels) for image | |
| id: meta | |
| uses: docker/[email protected] | |
| with: | |
| images: ${{ matrix.image.registry }}/${{ matrix.image.repository }}/${{ matrix.image.image }} | |
| tags: ${{ matrix.image.tags }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Manually generate build args | |
| id: build-tags | |
| run: | | |
| bytecode_data=$(bpfman image generate-build-args --cilium-ebpf-project ${{ matrix.image.bytecode_dir }}) | |
| build_args="${bytecode_data}\n" | |
| printf BUILD_ARGS="$build_args" >> $GITHUB_ENV | |
| { | |
| echo 'BUILD_ARGS<<EOF' | |
| printf "$build_args" | |
| echo EOF | |
| } >> "$GITHUB_ENV" | |
| - name: Build and push | |
| id: build-push-image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| platforms: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x | |
| push: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| file: ${{ matrix.image.dockerfile }} | |
| build-args: ${{ env.BUILD_ARGS }} | |
| context: ${{ matrix.image.context }} | |
| - name: Sign the images with GitHub OIDC Token | |
| if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }} | |
| run: | | |
| readarray -t tags <<<"${{ steps.meta.outputs.tags }}" | |
| for tag in ${tags[@]}; do | |
| cosign sign -y "${tag}@${{ steps.build-push-image.outputs.digest }}" | |
| done |