cosign

Sign a container image using Cosign

Installation

dagger install github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805

Entrypoint

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
image	String	"cgr.dev/chainguard/wolfi-base:latest"	wolfi-base image
version	String	"2.5.2"	Cosign version
user	String	"65532"	Image user

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \

func (m *MyModule) Example() *dagger.Cosign  {
	return dag.
			Cosign()
}

@function
def example() -> dagger.Cosign:
	return (
		dag.cosign()
	)

@func()
example(): Cosign {
	return dag
		.cosign()
}

Types

Cosign 🔗

Cosign Module

attest() 🔗

Attest image with Cosign

Return Type

String !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
predicate	File !	-	path to the predicate file
type	String !	-	Specify a predicate type
privateKey	Secret	null	Cosign private key
password	Secret	null	Cosign password
identityToken	Secret	null	Cosign identity token
oidcProvider	String	""	Specify the provider to get the OIDC token from
oidcIssuer	String	""	OIDC provider to be used to issue ID toke
recursive	Boolean	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 attest --image string --predicate file:path --type string

func (m *MyModule) Example(ctx context.Context, image string, predicate *dagger.File, type string) string  {
	return dag.
			Cosign().
			Attest(ctx, image, predicate, type)
}

@function
async def example(image: str, predicate: dagger.File, type: str) -> str:
	return await (
		dag.cosign()
		.attest(image, predicate, type)
	)

@func()
async example(image: string, predicate: File, type: string): Promise<string> {
	return dag
		.cosign()
		.attest(image, predicate, type)
}

clean() 🔗

Remove all signatures from an image

Return Type

String !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
type	String	"all"	Type of clean

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 clean --image string

func (m *MyModule) Example(ctx context.Context, image string) string  {
	return dag.
			Cosign().
			Clean(ctx, image)
}

@function
async def example(image: str) -> str:
	return await (
		dag.cosign()
		.clean(image)
	)

@func()
async example(image: string): Promise<string> {
	return dag
		.cosign()
		.clean(image)
}

container() 🔗

Returns container

Return Type

Container !

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 container

func (m *MyModule) Example() *dagger.Container  {
	return dag.
			Cosign().
			Container()
}

@function
def example() -> dagger.Container:
	return (
		dag.cosign()
		.container()
	)

@func()
example(): Container {
	return dag
		.cosign()
		.container()
}

copy() 🔗

Copy the supplied container image and signatures

Return Type

String !

Arguments

Name	Type	Default Value	Description
source	String !	-	Source image
destination	String !	-	Destination image
platform	Scalar	null	Only copy container image and its signatures for a specific platform image
only	[String ! ]	[]	Custom string array to only copy specific items. ex: --only=sig,att,sbom
force	Boolean	false	Overwrite destination image(s), if necessary
allowHttpRegistry	Boolean	false	Whether to allow using HTTP protocol while connecting to registries
allowInsecureRegistry	Boolean	false	whether to allow insecure connections to registries

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 copy --source string --destination string

func (m *MyModule) Example(ctx context.Context, source string, destination string) string  {
	return dag.
			Cosign().
			Copy(ctx, source, destination)
}

@function
async def example(source: str, destination: str) -> str:
	return await (
		dag.cosign()
		.copy(source, destination)
	)

@func()
async example(source: string, destination: string): Promise<string> {
	return dag
		.cosign()
		.copy(source, destination)
}

dockerConfig() 🔗

Returns the Docker config file

Return Type

File !

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 docker-config

func (m *MyModule) Example() *dagger.File  {
	return dag.
			Cosign().
			DockerConfig()
}

@function
def example() -> dagger.File:
	return (
		dag.cosign()
		.docker_config()
	)

@func()
example(): File {
	return dag
		.cosign()
		.dockerConfig()
}

generateKeyPair() 🔗

Generate key pair

Return Type

Directory !

Arguments

Name	Type	Default Value	Description
password	Secret	null	Key password

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 generate-key-pair

func (m *MyModule) Example() *dagger.Directory  {
	return dag.
			Cosign().
			GenerateKeyPair()
}

@function
def example() -> dagger.Directory:
	return (
		dag.cosign()
		.generate_key_pair()
	)

@func()
example(): Directory {
	return dag
		.cosign()
		.generateKeyPair()
}

sign() 🔗

Sign image with Cosign

Return Type

String !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
annotations	[String ! ]	[]	Extra key=value pairs to sign
privateKey	Secret	null	Cosign private key
password	Secret	null	Cosign password
identityToken	Secret	null	Cosign identity token
oidcProvider	String	""	Specify the provider to get the OIDC token from
oidcIssuer	String	""	OIDC provider to be used to issue ID toke
recursive	Boolean	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 sign --image string

func (m *MyModule) Example(ctx context.Context, image string) string  {
	return dag.
			Cosign().
			Sign(ctx, image)
}

@function
async def example(image: str) -> str:
	return await (
		dag.cosign()
		.sign(image)
	)

@func()
async example(image: string): Promise<string> {
	return dag
		.cosign()
		.sign(image)
}

withAnnotations() 🔗

Set OIDC provider and issuer (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
annotations	[String ! ] !	-	Extra key=value pairs to sign

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-annotations --annotations string1 --annotations string2

func (m *MyModule) Example(annotations []string) *dagger.Cosign  {
	return dag.
			Cosign().
			WithAnnotations(annotations)
}

@function
def example(annotations: List[str]) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_annotations(annotations)
	)

@func()
example(annotations: string[]): Cosign {
	return dag
		.cosign()
		.withAnnotations(annotations)
}

withAttest() 🔗

Attest image with Cosign (For chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
predicate	File !	-	path to the predicate file
type	String !	-	Specify a predicate type
privateKey	Secret	null	Cosign private key
password	Secret	null	Cosign password
identityToken	Secret	null	Cosign identity token
oidcProvider	String	""	Specify the provider to get the OIDC token from
oidcIssuer	String	""	OIDC provider to be used to issue ID toke
recursive	Boolean	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-attest --image string --predicate file:path --type string

func (m *MyModule) Example(image string, predicate *dagger.File, type string) *dagger.Cosign  {
	return dag.
			Cosign().
			WithAttest(image, predicate, type)
}

@function
def example(image: str, predicate: dagger.File, type: str) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_attest(image, predicate, type)
	)

@func()
example(image: string, predicate: File, type: string): Cosign {
	return dag
		.cosign()
		.withAttest(image, predicate, type)
}

withClean() 🔗

Remove all signatures from an image (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
type	String	"all"	Type of clean

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-clean --image string

func (m *MyModule) Example(image string) *dagger.Cosign  {
	return dag.
			Cosign().
			WithClean(image)
}

@function
def example(image: str) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_clean(image)
	)

@func()
example(image: string): Cosign {
	return dag
		.cosign()
		.withClean(image)
}

withCopy() 🔗

Copy the supplied container image and signatures (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
source	String !	-	Source image
destination	String !	-	Destination image
platform	Scalar	null	Only copy container image and its signatures for a specific platform image
only	[String ! ]	[]	Custom string array to only copy specific items. ex: --only=sig,att,sbom
force	Boolean	false	Overwrite destination image(s), if necessary
allowHttpRegistry	Boolean	false	Whether to allow using HTTP protocol while connecting to registries
allowInsecureRegistry	Boolean	false	whether to allow insecure connections to registries

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-copy --source string --destination string

func (m *MyModule) Example(source string, destination string) *dagger.Cosign  {
	return dag.
			Cosign().
			WithCopy(source, destination)
}

@function
def example(source: str, destination: str) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_copy(source, destination)
	)

@func()
example(source: string, destination: string): Cosign {
	return dag
		.cosign()
		.withCopy(source, destination)
}

withDockerConfig() 🔗

Set Docker config file (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
dockerConfig	File !	-	Docker config file

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-docker-config --docker-config file:path

func (m *MyModule) Example(dockerConfig *dagger.File) *dagger.Cosign  {
	return dag.
			Cosign().
			WithDockerConfig(dockerConfig)
}

@function
def example(docker_config: dagger.File) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_docker_config(docker_config)
	)

@func()
example(dockerConfig: File): Cosign {
	return dag
		.cosign()
		.withDockerConfig(dockerConfig)
}

withEnvVariable() 🔗

Set a new environment variable in the Apko container

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
name	String !	-	Name of the environment variable
value	String !	-	Value of the environment variable
expand	Boolean	false	Replace “${VAR}” or “$VAR” in the value according to the current environment variables defined in the container

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-env-variable --name string --value string

func (m *MyModule) Example(name string, value string) *dagger.Cosign  {
	return dag.
			Cosign().
			WithEnvVariable(name, value)
}

@function
def example(name: str, value: str) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_env_variable(name, value)
	)

@func()
example(name: string, value: string): Cosign {
	return dag
		.cosign()
		.withEnvVariable(name, value)
}

withGenerateKeyPair() 🔗

Generate and include a new key pair (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
password	Secret	null	Key password

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-generate-key-pair

func (m *MyModule) Example() *dagger.Cosign  {
	return dag.
			Cosign().
			WithGenerateKeyPair()
}

@function
def example() -> dagger.Cosign:
	return (
		dag.cosign()
		.with_generate_key_pair()
	)

@func()
example(): Cosign {
	return dag
		.cosign()
		.withGenerateKeyPair()
}

withOidc() 🔗

Set OIDC provider and issuer (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
provider	String	""	Specify the provider to get the OIDC token from
issuer	String	""	OIDC provider to be used to issue ID token

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-oidc

func (m *MyModule) Example() *dagger.Cosign  {
	return dag.
			Cosign().
			WithOidc()
}

@function
def example() -> dagger.Cosign:
	return (
		dag.cosign()
		.with_oidc()
	)

@func()
example(): Cosign {
	return dag
		.cosign()
		.withOidc()
}

withPrivateKey() 🔗

Include the specified private key (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
key	Secret !	-	Key to use for signing
password	Secret	null	Key password
publicKey	File	null	Public key to use for verification

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-private-key --key env:MYSECRET

func (m *MyModule) Example(key *dagger.Secret) *dagger.Cosign  {
	return dag.
			Cosign().
			WithPrivateKey(key)
}

@function
def example(key: dagger.Secret) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_private_key(key)
	)

@func()
example(key: Secret): Cosign {
	return dag
		.cosign()
		.withPrivateKey(key)
}

withRegistryAuth() 🔗

Authenticate with registry

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
username	String !	-	Registry username
secret	Secret !	-	Registry password
address	String	"docker.io"	Registry host

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-registry-auth --username string --secret env:MYSECRET

func (m *MyModule) Example(username string, secret *dagger.Secret) *dagger.Cosign  {
	return dag.
			Cosign().
			WithRegistryAuth(username, secret)
}

@function
def example(username: str, secret: dagger.Secret) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_registry_auth(username, secret)
	)

@func()
example(username: string, secret: Secret): Cosign {
	return dag
		.cosign()
		.withRegistryAuth(username, secret)
}

withSecretVariable() 🔗

Set a new environment variable, using a secret value

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
name	String !	-	Name of the secret variable
secret	Secret !	-	Identifier of the secret value

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-secret-variable --name string --secret env:MYSECRET

func (m *MyModule) Example(name string, secret *dagger.Secret) *dagger.Cosign  {
	return dag.
			Cosign().
			WithSecretVariable(name, secret)
}

@function
def example(name: str, secret: dagger.Secret) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_secret_variable(name, secret)
	)

@func()
example(name: string, secret: Secret): Cosign {
	return dag
		.cosign()
		.withSecretVariable(name, secret)
}

withSign() 🔗

Sign image with Cosign (For chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
annotations	[String ! ]	[]	Extra key=value pairs to sign
privateKey	Secret	null	Cosign private key
password	Secret	null	Cosign password
identityToken	Secret	null	Cosign identity token
oidcProvider	String	""	Specify the provider to get the OIDC token from
oidcIssuer	String	""	OIDC provider to be used to issue ID toke
recursive	Boolean	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@b352411e8b8d0b5e2705e1f5e3db386fc35b5805 call \
 with-sign --image string

func (m *MyModule) Example(image string) *dagger.Cosign  {
	return dag.
			Cosign().
			WithSign(image)
}

@function
def example(image: str) -> dagger.Cosign:
	return (
		dag.cosign()
		.with_sign(image)
	)

@func()
example(image: string): Cosign {
	return dag
		.cosign()
		.withSign(image)
}