cosign
Sign a container image using Cosign
Installation
dagger install github.com/opopops/daggerverse/cosign@v1.8.0
Entrypoint
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String | "cgr.dev/chainguard/wolfi-base:latest" | wolfi-base image |
version | String | "latest" | Cosign version |
user | String | "65532" | Image user |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
func (m *MyModule) Example() *dagger.Cosign {
return dag.
Cosign()
}
@function
def example() -> dagger.Cosign:
return (
dag.cosign()
)
@func()
example(): Cosign {
return dag
.cosign()
}
Types
Cosign 🔗
Cosign Module
attest() 🔗
Attest image with Cosign
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String ! | - | Image digest URI |
predicate | File ! | - | path to the predicate file |
type | String ! | - | Specify a predicate type |
privateKey | Secret | null | Cosign private key |
password | Secret | - | Cosign password |
identityToken | Secret | null | Cosign identity token |
oidcProvider | String | "" | Specify the provider to get the OIDC token from |
oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
attest --image string --predicate file:path --type string
func (m *MyModule) Example(ctx context.Context, image string, predicate *dagger.File, type string) string {
return dag.
Cosign().
Attest(ctx, image, predicate, type)
}
@function
async def example(image: str, predicate: dagger.File, type: str) -> str:
return await (
dag.cosign()
.attest(image, predicate, type)
)
@func()
async example(image: string, predicate: File, type: string): Promise<string> {
return dag
.cosign()
.attest(image, predicate, type)
}
clean() 🔗
Remove all signatures from an image
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String ! | - | Image digest URI |
type | String | "all" | Type of clean |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
clean --image string
func (m *MyModule) Example(ctx context.Context, image string) string {
return dag.
Cosign().
Clean(ctx, image)
}
@function
async def example(image: str) -> str:
return await (
dag.cosign()
.clean(image)
)
@func()
async example(image: string): Promise<string> {
return dag
.cosign()
.clean(image)
}
container() 🔗
Returns container
Return Type
Container !
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
container
func (m *MyModule) Example() *dagger.Container {
return dag.
Cosign().
Container()
}
@function
def example() -> dagger.Container:
return (
dag.cosign()
.container()
)
@func()
example(): Container {
return dag
.cosign()
.container()
}
copy() 🔗
Copy the supplied container image and signatures
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
source | String ! | - | Source image |
destination | String ! | - | Destination image |
platform | Scalar | null | Only copy container image and its signatures for a specific platform image |
only | [String ! ] | [] | Custom string array to only copy specific items. ex: --only=sig,att,sbom |
force | Boolean | false | Overwrite destination image(s), if necessary |
allowHttpRegistry | Boolean | false | Whether to allow using HTTP protocol while connecting to registries |
allowInsecureRegistry | Boolean | false | whether to allow insecure connections to registries |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
copy --source string --destination string
func (m *MyModule) Example(ctx context.Context, source string, destination string) string {
return dag.
Cosign().
Copy(ctx, source, destination)
}
@function
async def example(source: str, destination: str) -> str:
return await (
dag.cosign()
.copy(source, destination)
)
@func()
async example(source: string, destination: string): Promise<string> {
return dag
.cosign()
.copy(source, destination)
}
dockerConfig() 🔗
Returns the Docker config file
Return Type
File !
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
docker-config
func (m *MyModule) Example() *dagger.File {
return dag.
Cosign().
DockerConfig()
}
@function
def example() -> dagger.File:
return (
dag.cosign()
.docker_config()
)
@func()
example(): File {
return dag
.cosign()
.dockerConfig()
}
generateKeyPair() 🔗
Generate key pair
Return Type
Directory !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
password | Secret | - | Key password |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
generate-key-pair
func (m *MyModule) Example() *dagger.Directory {
return dag.
Cosign().
GenerateKeyPair()
}
@function
def example() -> dagger.Directory:
return (
dag.cosign()
.generate_key_pair()
)
@func()
example(): Directory {
return dag
.cosign()
.generateKeyPair()
}
sign() 🔗
Sign image with Cosign
Return Type
String !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String ! | - | Image digest URI |
annotations | [String ! ] | [] | Extra key=value pairs to sign |
privateKey | Secret | null | Cosign private key |
password | Secret | - | Cosign password |
identityToken | Secret | null | Cosign identity token |
oidcProvider | String | "" | Specify the provider to get the OIDC token from |
oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
sign --image string
func (m *MyModule) Example(ctx context.Context, image string) string {
return dag.
Cosign().
Sign(ctx, image)
}
@function
async def example(image: str) -> str:
return await (
dag.cosign()
.sign(image)
)
@func()
async example(image: string): Promise<string> {
return dag
.cosign()
.sign(image)
}
withAttest() 🔗
Attest image with Cosign (For chaining)
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String ! | - | Image digest URI |
predicate | File ! | - | path to the predicate file |
type | String ! | - | Specify a predicate type |
privateKey | Secret | null | Cosign private key |
password | Secret | null | Cosign password |
identityToken | Secret | null | Cosign identity token |
oidcProvider | String | "" | Specify the provider to get the OIDC token from |
oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-attest --image string --predicate file:path --type string
func (m *MyModule) Example(image string, predicate *dagger.File, type string) *dagger.Cosign {
return dag.
Cosign().
WithAttest(image, predicate, type)
}
@function
def example(image: str, predicate: dagger.File, type: str) -> dagger.Cosign:
return (
dag.cosign()
.with_attest(image, predicate, type)
)
@func()
example(image: string, predicate: File, type: string): Cosign {
return dag
.cosign()
.withAttest(image, predicate, type)
}
withClean() 🔗
Remove all signatures from an image (for chaining)
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String ! | - | Image digest URI |
type | String | "all" | Type of clean |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-clean --image string
func (m *MyModule) Example(image string) *dagger.Cosign {
return dag.
Cosign().
WithClean(image)
}
@function
def example(image: str) -> dagger.Cosign:
return (
dag.cosign()
.with_clean(image)
)
@func()
example(image: string): Cosign {
return dag
.cosign()
.withClean(image)
}
withCopy() 🔗
Copy the supplied container image and signatures (for chaining)
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
source | String ! | - | Source image |
destination | String ! | - | Destination image |
platform | Scalar | null | Only copy container image and its signatures for a specific platform image |
only | [String ! ] | [] | Custom string array to only copy specific items. ex: --only=sig,att,sbom |
force | Boolean | false | Overwrite destination image(s), if necessary |
allowHttpRegistry | Boolean | false | Whether to allow using HTTP protocol while connecting to registries |
allowInsecureRegistry | Boolean | false | whether to allow insecure connections to registries |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-copy --source string --destination string
func (m *MyModule) Example(source string, destination string) *dagger.Cosign {
return dag.
Cosign().
WithCopy(source, destination)
}
@function
def example(source: str, destination: str) -> dagger.Cosign:
return (
dag.cosign()
.with_copy(source, destination)
)
@func()
example(source: string, destination: string): Cosign {
return dag
.cosign()
.withCopy(source, destination)
}
withDockerConfig() 🔗
Set Docker config file (for chaining)
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
dockerConfig | File ! | - | Docker config file |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-docker-config --docker-config file:path
func (m *MyModule) Example(dockerConfig *dagger.File) *dagger.Cosign {
return dag.
Cosign().
WithDockerConfig(dockerConfig)
}
@function
def example(docker_config: dagger.File) -> dagger.Cosign:
return (
dag.cosign()
.with_docker_config(docker_config)
)
@func()
example(dockerConfig: File): Cosign {
return dag
.cosign()
.withDockerConfig(dockerConfig)
}
withEnvVariable() 🔗
Set a new environment variable in the Apko container
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
name | String ! | - | Name of the environment variable |
value | String ! | - | Value of the environment variable |
expand | Boolean | false | Replace “${VAR}” or “$VAR” in the value according to the current environment variables defined in the container |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-env-variable --name string --value string
func (m *MyModule) Example(name string, value string) *dagger.Cosign {
return dag.
Cosign().
WithEnvVariable(name, value)
}
@function
def example(name: str, value: str) -> dagger.Cosign:
return (
dag.cosign()
.with_env_variable(name, value)
)
@func()
example(name: string, value: string): Cosign {
return dag
.cosign()
.withEnvVariable(name, value)
}
withRegistryAuth() 🔗
Authenticate with registry
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
username | String ! | - | Registry username |
secret | Secret ! | - | Registry password |
address | String | "docker.io" | Registry host |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-registry-auth --username string --secret env:MYSECRET
func (m *MyModule) Example(username string, secret *dagger.Secret) *dagger.Cosign {
return dag.
Cosign().
WithRegistryAuth(username, secret)
}
@function
def example(username: str, secret: dagger.Secret) -> dagger.Cosign:
return (
dag.cosign()
.with_registry_auth(username, secret)
)
@func()
example(username: string, secret: Secret): Cosign {
return dag
.cosign()
.withRegistryAuth(username, secret)
}
withSecretVariable() 🔗
Set a new environment variable, using a secret value
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
name | String ! | - | Name of the secret variable |
secret | Secret ! | - | Identifier of the secret value |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-secret-variable --name string --secret env:MYSECRET
func (m *MyModule) Example(name string, secret *dagger.Secret) *dagger.Cosign {
return dag.
Cosign().
WithSecretVariable(name, secret)
}
@function
def example(name: str, secret: dagger.Secret) -> dagger.Cosign:
return (
dag.cosign()
.with_secret_variable(name, secret)
)
@func()
example(name: string, secret: Secret): Cosign {
return dag
.cosign()
.withSecretVariable(name, secret)
}
withSign() 🔗
Sign image with Cosign (For chaining)
Return Type
Cosign !
Arguments
Name | Type | Default Value | Description |
---|---|---|---|
image | String ! | - | Image digest URI |
annotations | [String ! ] | [] | Extra key=value pairs to sign |
privateKey | Secret | null | Cosign private key |
password | Secret | null | Cosign password |
identityToken | Secret | null | Cosign identity token |
oidcProvider | String | "" | Specify the provider to get the OIDC token from |
oidcIssuer | String | "" | OIDC provider to be used to issue ID toke |
recursive | Boolean | false | If a multi-arch image is specified, additionally sign each discrete image |
Example
dagger -m github.com/opopops/daggerverse/cosign@f5b2b0725aaecd1d771479f2e1c886dad9ac554d call \
with-sign --image string
func (m *MyModule) Example(image string) *dagger.Cosign {
return dag.
Cosign().
WithSign(image)
}
@function
def example(image: str) -> dagger.Cosign:
return (
dag.cosign()
.with_sign(image)
)
@func()
example(image: string): Cosign {
return dag
.cosign()
.withSign(image)
}