cosign
Sign a container image using Cosign
Installation
dagger install github.com/opopops/daggerverse/cosign@v1.8.0Entrypoint
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String | "cgr.dev/chainguard/wolfi-base:latest" | wolfi-base image |
| version | String | "latest" | Cosign version |
| user | String | "65532" | Image user |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
func (m *MyModule) Example() *dagger.Cosign {
return dag.
Cosign()
}@function
def example() -> dagger.Cosign:
return (
dag.cosign()
)@func()
example(): Cosign {
return dag
.cosign()
}Types
Cosign 🔗
Cosign Module
attest() 🔗
Attest image with Cosign
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String ! | - | Image digest URI |
| predicate | File ! | - | path to the predicate file |
| type | String ! | - | Specify a predicate type |
| privateKey | Secret | null | Cosign private key |
| password | Secret | - | Cosign password |
| identityToken | Secret | null | Cosign identity token |
| oidcProvider | String | "" | Specify the provider to get the OIDC token from |
| oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
| recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
attest --image string --predicate file:path --type stringfunc (m *MyModule) Example(ctx context.Context, image string, predicate *dagger.File, type string) string {
return dag.
Cosign().
Attest(ctx, image, predicate, type)
}@function
async def example(image: str, predicate: dagger.File, type: str) -> str:
return await (
dag.cosign()
.attest(image, predicate, type)
)@func()
async example(image: string, predicate: File, type: string): Promise<string> {
return dag
.cosign()
.attest(image, predicate, type)
}clean() 🔗
Remove all signatures from an image
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String ! | - | Image digest URI |
| type | String | "all" | Type of clean |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
clean --image stringfunc (m *MyModule) Example(ctx context.Context, image string) string {
return dag.
Cosign().
Clean(ctx, image)
}@function
async def example(image: str) -> str:
return await (
dag.cosign()
.clean(image)
)@func()
async example(image: string): Promise<string> {
return dag
.cosign()
.clean(image)
}container() 🔗
Returns container
Return Type
Container !Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
containerfunc (m *MyModule) Example() *dagger.Container {
return dag.
Cosign().
Container()
}@function
def example() -> dagger.Container:
return (
dag.cosign()
.container()
)@func()
example(): Container {
return dag
.cosign()
.container()
}copy() 🔗
Copy the supplied container image and signatures
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | String ! | - | Source image |
| destination | String ! | - | Destination image |
| platform | Scalar | null | Only copy container image and its signatures for a specific platform image |
| only | [String ! ] | [] | Custom string array to only copy specific items. ex: --only=sig,att,sbom |
| force | Boolean | false | Overwrite destination image(s), if necessary |
| allowHttpRegistry | Boolean | false | Whether to allow using HTTP protocol while connecting to registries |
| allowInsecureRegistry | Boolean | false | whether to allow insecure connections to registries |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
copy --source string --destination stringfunc (m *MyModule) Example(ctx context.Context, source string, destination string) string {
return dag.
Cosign().
Copy(ctx, source, destination)
}@function
async def example(source: str, destination: str) -> str:
return await (
dag.cosign()
.copy(source, destination)
)@func()
async example(source: string, destination: string): Promise<string> {
return dag
.cosign()
.copy(source, destination)
}dockerConfig() 🔗
Returns the Docker config file
Return Type
File !Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
docker-configfunc (m *MyModule) Example() *dagger.File {
return dag.
Cosign().
DockerConfig()
}@function
def example() -> dagger.File:
return (
dag.cosign()
.docker_config()
)@func()
example(): File {
return dag
.cosign()
.dockerConfig()
}generateKeyPair() 🔗
Generate key pair
Return Type
Directory !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| password | Secret | - | Key password |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
generate-key-pairfunc (m *MyModule) Example() *dagger.Directory {
return dag.
Cosign().
GenerateKeyPair()
}@function
def example() -> dagger.Directory:
return (
dag.cosign()
.generate_key_pair()
)@func()
example(): Directory {
return dag
.cosign()
.generateKeyPair()
}sign() 🔗
Sign image with Cosign
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String ! | - | Image digest URI |
| annotations | [String ! ] | [] | Extra key=value pairs to sign |
| privateKey | Secret | null | Cosign private key |
| password | Secret | - | Cosign password |
| identityToken | Secret | null | Cosign identity token |
| oidcProvider | String | "" | Specify the provider to get the OIDC token from |
| oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
| recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
sign --image stringfunc (m *MyModule) Example(ctx context.Context, image string) string {
return dag.
Cosign().
Sign(ctx, image)
}@function
async def example(image: str) -> str:
return await (
dag.cosign()
.sign(image)
)@func()
async example(image: string): Promise<string> {
return dag
.cosign()
.sign(image)
}withAttest() 🔗
Attest image with Cosign (For chaining)
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String ! | - | Image digest URI |
| predicate | File ! | - | path to the predicate file |
| type | String ! | - | Specify a predicate type |
| privateKey | Secret | null | Cosign private key |
| password | Secret | null | Cosign password |
| identityToken | Secret | null | Cosign identity token |
| oidcProvider | String | "" | Specify the provider to get the OIDC token from |
| oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
| recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-attest --image string --predicate file:path --type stringfunc (m *MyModule) Example(image string, predicate *dagger.File, type string) *dagger.Cosign {
return dag.
Cosign().
WithAttest(image, predicate, type)
}@function
def example(image: str, predicate: dagger.File, type: str) -> dagger.Cosign:
return (
dag.cosign()
.with_attest(image, predicate, type)
)@func()
example(image: string, predicate: File, type: string): Cosign {
return dag
.cosign()
.withAttest(image, predicate, type)
}withClean() 🔗
Remove all signatures from an image (for chaining)
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String ! | - | Image digest URI |
| type | String | "all" | Type of clean |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-clean --image stringfunc (m *MyModule) Example(image string) *dagger.Cosign {
return dag.
Cosign().
WithClean(image)
}@function
def example(image: str) -> dagger.Cosign:
return (
dag.cosign()
.with_clean(image)
)@func()
example(image: string): Cosign {
return dag
.cosign()
.withClean(image)
}withCopy() 🔗
Copy the supplied container image and signatures (for chaining)
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | String ! | - | Source image |
| destination | String ! | - | Destination image |
| platform | Scalar | null | Only copy container image and its signatures for a specific platform image |
| only | [String ! ] | [] | Custom string array to only copy specific items. ex: --only=sig,att,sbom |
| force | Boolean | false | Overwrite destination image(s), if necessary |
| allowHttpRegistry | Boolean | false | Whether to allow using HTTP protocol while connecting to registries |
| allowInsecureRegistry | Boolean | false | whether to allow insecure connections to registries |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-copy --source string --destination stringfunc (m *MyModule) Example(source string, destination string) *dagger.Cosign {
return dag.
Cosign().
WithCopy(source, destination)
}@function
def example(source: str, destination: str) -> dagger.Cosign:
return (
dag.cosign()
.with_copy(source, destination)
)@func()
example(source: string, destination: string): Cosign {
return dag
.cosign()
.withCopy(source, destination)
}withDockerConfig() 🔗
Set Docker config file (for chaining)
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| dockerConfig | File ! | - | Docker config file |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-docker-config --docker-config file:pathfunc (m *MyModule) Example(dockerConfig *dagger.File) *dagger.Cosign {
return dag.
Cosign().
WithDockerConfig(dockerConfig)
}@function
def example(docker_config: dagger.File) -> dagger.Cosign:
return (
dag.cosign()
.with_docker_config(docker_config)
)@func()
example(dockerConfig: File): Cosign {
return dag
.cosign()
.withDockerConfig(dockerConfig)
}withEnvVariable() 🔗
Set a new environment variable in the Apko container
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | String ! | - | Name of the environment variable |
| value | String ! | - | Value of the environment variable |
| expand | Boolean | false | Replace “${VAR}” or “$VAR” in the value according to the current environment variables defined in the container |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-env-variable --name string --value stringfunc (m *MyModule) Example(name string, value string) *dagger.Cosign {
return dag.
Cosign().
WithEnvVariable(name, value)
}@function
def example(name: str, value: str) -> dagger.Cosign:
return (
dag.cosign()
.with_env_variable(name, value)
)@func()
example(name: string, value: string): Cosign {
return dag
.cosign()
.withEnvVariable(name, value)
}withRegistryAuth() 🔗
Authenticate with registry
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| username | String ! | - | Registry username |
| secret | Secret ! | - | Registry password |
| address | String | "docker.io" | Registry host |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-registry-auth --username string --secret env:MYSECRETfunc (m *MyModule) Example(username string, secret *dagger.Secret) *dagger.Cosign {
return dag.
Cosign().
WithRegistryAuth(username, secret)
}@function
def example(username: str, secret: dagger.Secret) -> dagger.Cosign:
return (
dag.cosign()
.with_registry_auth(username, secret)
)@func()
example(username: string, secret: Secret): Cosign {
return dag
.cosign()
.withRegistryAuth(username, secret)
}withSecretVariable() 🔗
Set a new environment variable, using a secret value
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | String ! | - | Name of the secret variable |
| secret | Secret ! | - | Identifier of the secret value |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-secret-variable --name string --secret env:MYSECRETfunc (m *MyModule) Example(name string, secret *dagger.Secret) *dagger.Cosign {
return dag.
Cosign().
WithSecretVariable(name, secret)
}@function
def example(name: str, secret: dagger.Secret) -> dagger.Cosign:
return (
dag.cosign()
.with_secret_variable(name, secret)
)@func()
example(name: string, secret: Secret): Cosign {
return dag
.cosign()
.withSecretVariable(name, secret)
}withSign() 🔗
Sign image with Cosign (For chaining)
Return Type
Cosign !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| image | String ! | - | Image digest URI |
| annotations | [String ! ] | [] | Extra key=value pairs to sign |
| privateKey | Secret | null | Cosign private key |
| password | Secret | null | Cosign password |
| identityToken | Secret | null | Cosign identity token |
| oidcProvider | String | "" | Specify the provider to get the OIDC token from |
| oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
| recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-sign --image stringfunc (m *MyModule) Example(image string) *dagger.Cosign {
return dag.
Cosign().
WithSign(image)
}@function
def example(image: str) -> dagger.Cosign:
return (
dag.cosign()
.with_sign(image)
)@func()
example(image: string): Cosign {
return dag
.cosign()
.withSign(image)
}