Check Docker Hub images #125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Check Docker Hub images" | |
| on: | |
| schedule: | |
| - cron: '37 6 * * 3' | |
| permissions: {} | |
| jobs: | |
| dockerhub-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 | |
| - name: Install yq | |
| run: sudo snap install yq | |
| - name: Check main image | |
| run: DOCKER_CONTENT_TRUST=1 docker pull $(yq e '.deployment.image' helm/values.yaml) | |
| - name: Check all images | |
| run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/connaisseur -a | |
| - name: Check signed test image | |
| run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/testimage:signed | |
| - name: Check other signed test image | |
| run: DOCKER_CONTENT_TRUST=1 docker pull docker.io/securesystemsengineering/testimage:special_sig | |
| - name: Check unsigned test image | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:unsigned | |
| - name: Check Cosign signed test image | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-signed | |
| - name: Check Cosign unsigned test image | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-unsigned | |
| - name: Check Cosign test image signed with alternative key | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:co-signed-alt | |
| - name: Check Cosign multisigner test image signed by alice | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-alice | |
| - name: Check Cosign multisigner test image signed by bob | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-bob | |
| - name: Check Cosign multisigner test image signed by charlie | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-charlie | |
| - name: Check Cosign multisigner test image signed by bob and charlie | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-bob-charlie | |
| - name: Check Cosign multisigner test image signed by charlie and alice | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-charlie-alice | |
| - name: Check Cosign multisigner test image signed by alice, bob and charlie | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:multi-cosigned-alice-bob-charlie | |
| - name: Check Cosign cosigned testimage not in rekor log | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:rekor-cosigned-notl | |
| - name: Check Cosign cosigned testimage in rekor log | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/testimage:rekor-cosigned-tl | |
| - name: Check alerting endpoint image | |
| run: DOCKER_CONTENT_TRUST=0 docker pull docker.io/securesystemsengineering/alerting-endpoint |