From f94e28310efcebae36b8071e3a5693ab4f976ff3 Mon Sep 17 00:00:00 2001
From: bmeller <155629015+bmeller@users.noreply.github.com>
Date: Thu, 25 Jan 2024 17:25:41 +0100
Subject: [PATCH] add artifact-ci sign docker (#4174)

* add artifact-ci sign docker

* Update .gitlab-ci.yml

---------

Co-authored-by: Antoine Toulme <antoine@toulme.name>
---
 .gitlab-ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 16116e9e7b..b9d05137ba 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -608,12 +608,14 @@ push-linux-image:
         echo "Tagging and pushing ${IMAGE_NAME}:${ARCH_TAG}"
         docker tag otelcol:${arch} ${IMAGE_NAME}:${ARCH_TAG}
         docker push ${IMAGE_NAME}:${ARCH_TAG}
+        artifact-ci sign docker ${IMAGE_NAME}:${ARCH_TAG} 
         if [[ "${CI_COMMIT_BRANCH:-}" = "main" ]] || [[ "${CI_COMMIT_TAG:-}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
           # only push latest tag for main and stable releases
           LATEST_TAG="latest-${arch}"
           echo "Tagging and pushing ${IMAGE_NAME}:${LATEST_TAG}"
           docker tag ${IMAGE_NAME}:${ARCH_TAG} ${IMAGE_NAME}:${LATEST_TAG}
           docker push ${IMAGE_NAME}:${LATEST_TAG}
+          artifact-ci sign docker ${IMAGE_NAME}:${LATEST_TAG}
         fi
       done
     - |
@@ -668,11 +670,13 @@ build-push-windows-image:
       docker build -t ${IMAGE_NAME}:${IMAGE_TAG} --build-arg BASE_IMAGE=mcr.microsoft.com/windows/servercore:1809 --build-arg JMX_METRIC_GATHERER_RELEASE=${JMX_METRIC_GATHERER_RELEASE} -f .\cmd\otelcol\Dockerfile.windows .\cmd\otelcol\
       echo "Pushing ${IMAGE_NAME}:${IMAGE_TAG}"
       docker push ${IMAGE_NAME}:${IMAGE_TAG}
+      artifact-ci sign docker ${IMAGE_NAME}:${IMAGE_TAG}
       if ($env:CI_COMMIT_BRANCH -eq "main" -or $env:CI_COMMIT_TAG -match '^v\d+\.\d+\.\d+$') {
         # only push latest tag for main and stable releases
         echo "Tagging and pushing ${IMAGE_NAME}:latest"
         docker tag ${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:latest
         docker push ${IMAGE_NAME}:latest
+        artifact-ci sign docker ${IMAGE_NAME}:latest
       }
     - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${IMAGE_TAG} | Tee-Object -FilePath dist/windows_digest.txt
   after_script:
@@ -710,11 +714,13 @@ build-push-windows2022-image:
       docker build -t ${IMAGE_NAME}:${IMAGE_TAG} --build-arg BASE_IMAGE=mcr.microsoft.com/windows/servercore:ltsc2022 --build-arg JMX_METRIC_GATHERER_RELEASE=${JMX_METRIC_GATHERER_RELEASE} -f .\cmd\otelcol\Dockerfile.windows .\cmd\otelcol\
       echo "Pushing ${IMAGE_NAME}:${IMAGE_TAG}"
       docker push ${IMAGE_NAME}:${IMAGE_TAG}
+      artifact-ci sign docker ${IMAGE_NAME}:${IMAGE_TAG}
       if ($env:CI_COMMIT_BRANCH -eq "main" -or $env:CI_COMMIT_TAG -match '^v\d+\.\d+\.\d+$') {
         # only push latest tag for main and stable releases
         echo "Tagging and pushing ${IMAGE_NAME}:latest-2022"
         docker tag ${IMAGE_NAME}:${IMAGE_TAG} ${IMAGE_NAME}:latest-2022
         docker push ${IMAGE_NAME}:latest-2022
+        artifact-ci sign docker ${IMAGE_NAME}:latest-2022
       }
     - docker inspect --format='{{.RepoDigests}}' ${IMAGE_NAME}:${IMAGE_TAG} | Tee-Object -FilePath dist/windows_2022_digest.txt
   after_script: