cosign
Installation
Entrypoint
Types
Cosign

cosign

Sign a container image using Cosign

Installation

dagger install github.com/opopops/daggerverse/cosign@v1.7.1

Entrypoint

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
image	String !	"cgr.dev/chainguard/wolfi-base:latest"	wolfi-base image
version	String !	"latest"	Cosign version
user	String !	"65532"	Image user
dockerConfig	File	null	Docker config file

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string

func (m *MyModule) Example(image string, version string, user string) *dagger.Cosign  {
	return dag.
			Cosign(image, version, user)
}

@function
def example(image: str, version: str, user: str, ) -> dagger.Cosign:
	return (
		dag.cosign(image, version, user)
	)

@func()
example(image: string, version: string, user: string, ): Cosign {
	return dag
		.cosign(image, version, user)
}

Types

Cosign 🔗

Cosign CLI

attest() 🔗

Attest image with Cosign

Return Type

String !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
predicate	File !	-	path to the predicate file
privateKey	Secret	null	Cosign private key
password	Secret	-	Cosign password
type	String !	""	Specify a predicate type
oidcProvider	String !	""	Specify the provider to get the OIDC token from
oidcIssuer	String !	""	OIDC provider to be used to issue ID toke
recursive	Boolean !	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string attest --image string --predicate file:path --type string --oidc-provider string --oidc-issuer string --recursive boolean

func (m *MyModule) Example(ctx context.Context, image string, version string, user string, image1 string, predicate *dagger.File, type string, oidcProvider string, oidcIssuer string, recursive bool) string  {
	return dag.
			Cosign(image, version, user).
			Attest(ctx, image1, predicate, type, oidcProvider, oidcIssuer, recursive)
}

@function
async def example(image: str, version: str, user: str, image1: str, predicate: dagger.File, type: str, oidc_provider: str, oidc_issuer: str, recursive: bool) -> str:
	return await (
		dag.cosign(image, version, user)
		.attest(image1, predicate, type, oidc_provider, oidc_issuer, recursive)
	)

@func()
async example(image: string, version: string, user: string, image1: string, predicate: File, type: string, oidcProvider: string, oidcIssuer: string, recursive: boolean): Promise<string> {
	return dag
		.cosign(image, version, user)
		.attest(image1, predicate, type, oidcProvider, oidcIssuer, recursive)
}

container() 🔗

Returns container

Return Type

Container !

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string container

func (m *MyModule) Example(image string, version string, user string) *dagger.Container  {
	return dag.
			Cosign(image, version, user).
			Container()
}

@function
def example(image: str, version: str, user: str, ) -> dagger.Container:
	return (
		dag.cosign(image, version, user)
		.container()
	)

@func()
example(image: string, version: string, user: string, ): Container {
	return dag
		.cosign(image, version, user)
		.container()
}

copy() 🔗

Copy the supplied container image and signatures

Return Type

String !

Arguments

Name	Type	Default Value	Description
source	String !	-	Source image
destination	String !	-	Destination image
platform	Scalar	null	Only copy container image and its signatures for a specific platform image
only	[String ! ] !	[]	Custom string array to only copy specific items. ex: --only=sig,att,sbom
force	Boolean !	false	Overwrite destination image(s), if necessary
allowHttpRegistry	Boolean !	false	Whether to allow using HTTP protocol while connecting to registries
allowInsecureRegistry	Boolean !	false	whether to allow insecure connections to registries

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string copy --source string --destination string --only string1 --only string2 --force boolean --allow-http-registry boolean --allow-insecure-registry boolean

func (m *MyModule) Example(ctx context.Context, image string, version string, user string, source string, destination string, only []string, force bool, allowHttpRegistry bool, allowInsecureRegistry bool) string  {
	return dag.
			Cosign(image, version, user).
			Copy(ctx, source, destination, only, force, allowHttpRegistry, allowInsecureRegistry)
}

@function
async def example(image: str, version: str, user: str, source: str, destination: str, only: List[str], force: bool, allow_http_registry: bool, allow_insecure_registry: bool) -> str:
	return await (
		dag.cosign(image, version, user)
		.copy(source, destination, only, force, allow_http_registry, allow_insecure_registry)
	)

@func()
async example(image: string, version: string, user: string, source: string, destination: string, only: string[], force: boolean, allowHttpRegistry: boolean, allowInsecureRegistry: boolean): Promise<string> {
	return dag
		.cosign(image, version, user)
		.copy(source, destination, only, force, allowHttpRegistry, allowInsecureRegistry)
}

generateKeyPair() 🔗

Generate key pair

Return Type

Directory !

Arguments

Name	Type	Default Value	Description
password	Secret	-	Key password

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string generate-key-pair

func (m *MyModule) Example(image string, version string, user string) *dagger.Directory  {
	return dag.
			Cosign(image, version, user).
			GenerateKeyPair()
}

@function
def example(image: str, version: str, user: str, ) -> dagger.Directory:
	return (
		dag.cosign(image, version, user)
		.generate_key_pair()
	)

@func()
example(image: string, version: string, user: string, ): Directory {
	return dag
		.cosign(image, version, user)
		.generateKeyPair()
}

sign() 🔗

Sign image with Cosign

Return Type

String !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
privateKey	Secret	null	Cosign private key
password	Secret	-	Cosign password
oidcProvider	String !	""	Specify the provider to get the OIDC token from
oidcIssuer	String !	""	OIDC provider to be used to issue ID toke
recursive	Boolean !	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string sign --image string --oidc-provider string --oidc-issuer string --recursive boolean

func (m *MyModule) Example(ctx context.Context, image string, version string, user string, image1 string, oidcProvider string, oidcIssuer string, recursive bool) string  {
	return dag.
			Cosign(image, version, user).
			Sign(ctx, image1, oidcProvider, oidcIssuer, recursive)
}

@function
async def example(image: str, version: str, user: str, image1: str, oidc_provider: str, oidc_issuer: str, recursive: bool) -> str:
	return await (
		dag.cosign(image, version, user)
		.sign(image1, oidc_provider, oidc_issuer, recursive)
	)

@func()
async example(image: string, version: string, user: string, image1: string, oidcProvider: string, oidcIssuer: string, recursive: boolean): Promise<string> {
	return dag
		.cosign(image, version, user)
		.sign(image1, oidcProvider, oidcIssuer, recursive)
}

withAttest() 🔗

Attest image with Cosign (For chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
predicate	File !	-	path to the predicate file
privateKey	Secret	null	Cosign private key
password	Secret	null	Cosign password
type	String !	""	Specify a predicate type
oidcProvider	String !	""	Specify the provider to get the OIDC token from
oidcIssuer	String !	""	OIDC provider to be used to issue ID toke
recursive	Boolean !	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string with-attest --image string --predicate file:path --type string --oidc-provider string --oidc-issuer string --recursive boolean

func (m *MyModule) Example(image string, version string, user string, image1 string, predicate *dagger.File, type string, oidcProvider string, oidcIssuer string, recursive bool) *dagger.Cosign  {
	return dag.
			Cosign(image, version, user).
			WithAttest(image1, predicate, type, oidcProvider, oidcIssuer, recursive)
}

@function
def example(image: str, version: str, user: str, image1: str, predicate: dagger.File, type: str, oidc_provider: str, oidc_issuer: str, recursive: bool) -> dagger.Cosign:
	return (
		dag.cosign(image, version, user)
		.with_attest(image1, predicate, type, oidc_provider, oidc_issuer, recursive)
	)

@func()
example(image: string, version: string, user: string, image1: string, predicate: File, type: string, oidcProvider: string, oidcIssuer: string, recursive: boolean): Cosign {
	return dag
		.cosign(image, version, user)
		.withAttest(image1, predicate, type, oidcProvider, oidcIssuer, recursive)
}

withCopy() 🔗

Copy the supplied container image and signatures (for chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
source	String !	-	Source image
destination	String !	-	Destination image
platform	Scalar	null	Only copy container image and its signatures for a specific platform image
only	[String ! ] !	[]	Custom string array to only copy specific items. ex: --only=sig,att,sbom
force	Boolean !	false	Overwrite destination image(s), if necessary
allowHttpRegistry	Boolean !	false	Whether to allow using HTTP protocol while connecting to registries
allowInsecureRegistry	Boolean !	false	whether to allow insecure connections to registries

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string with-copy --source string --destination string --only string1 --only string2 --force boolean --allow-http-registry boolean --allow-insecure-registry boolean

func (m *MyModule) Example(image string, version string, user string, source string, destination string, only []string, force bool, allowHttpRegistry bool, allowInsecureRegistry bool) *dagger.Cosign  {
	return dag.
			Cosign(image, version, user).
			WithCopy(source, destination, only, force, allowHttpRegistry, allowInsecureRegistry)
}

@function
def example(image: str, version: str, user: str, source: str, destination: str, only: List[str], force: bool, allow_http_registry: bool, allow_insecure_registry: bool) -> dagger.Cosign:
	return (
		dag.cosign(image, version, user)
		.with_copy(source, destination, only, force, allow_http_registry, allow_insecure_registry)
	)

@func()
example(image: string, version: string, user: string, source: string, destination: string, only: string[], force: boolean, allowHttpRegistry: boolean, allowInsecureRegistry: boolean): Cosign {
	return dag
		.cosign(image, version, user)
		.withCopy(source, destination, only, force, allowHttpRegistry, allowInsecureRegistry)
}

withRegistryAuth() 🔗

Authenticate with registry

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
username	String !	-	Registry username
secret	Secret !	-	Registry password
address	String !	"docker.io"	Registry host

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string with-registry-auth --username string --secret env:MYSECRET --address string

func (m *MyModule) Example(image string, version string, user string, username string, secret *dagger.Secret, address string) *dagger.Cosign  {
	return dag.
			Cosign(image, version, user).
			WithRegistryAuth(username, secret, address)
}

@function
def example(image: str, version: str, user: str, username: str, secret: dagger.Secret, address: str) -> dagger.Cosign:
	return (
		dag.cosign(image, version, user)
		.with_registry_auth(username, secret, address)
	)

@func()
example(image: string, version: string, user: string, username: string, secret: Secret, address: string): Cosign {
	return dag
		.cosign(image, version, user)
		.withRegistryAuth(username, secret, address)
}

withSign() 🔗

Sign image with Cosign (For chaining)

Return Type

Cosign !

Arguments

Name	Type	Default Value	Description
image	String !	-	Image digest URI
privateKey	Secret	null	Cosign private key
password	Secret	null	Cosign password
oidcProvider	String !	""	Specify the provider to get the OIDC token from
oidcIssuer	String !	""	OIDC provider to be used to issue ID toke
recursive	Boolean !	false	If a multi-arch image is specified, additionally sign each discrete image

Example

dagger -m github.com/opopops/daggerverse/cosign@da9e360149b042572c69908feae6fd0cb68f031a call \
 --image string --version string --user string with-sign --image string --oidc-provider string --oidc-issuer string --recursive boolean

func (m *MyModule) Example(image string, version string, user string, image1 string, oidcProvider string, oidcIssuer string, recursive bool) *dagger.Cosign  {
	return dag.
			Cosign(image, version, user).
			WithSign(image1, oidcProvider, oidcIssuer, recursive)
}

@function
def example(image: str, version: str, user: str, image1: str, oidc_provider: str, oidc_issuer: str, recursive: bool) -> dagger.Cosign:
	return (
		dag.cosign(image, version, user)
		.with_sign(image1, oidc_provider, oidc_issuer, recursive)
	)

@func()
example(image: string, version: string, user: string, image1: string, oidcProvider: string, oidcIssuer: string, recursive: boolean): Cosign {
	return dag
		.cosign(image, version, user)
		.withSign(image1, oidcProvider, oidcIssuer, recursive)
}