cosign
Cosign container image signing in a Dagger module
Installation
dagger install github.com/puzzle/dagger-module-cosign/cosign@v0.0.1Entrypoint
Return Type
CosignExample
dagger -m github.com/puzzle/dagger-module-cosign/cosign@4f0527563a74ba7f6c796972f1bedd26afc26030 call \
func (m *myModule) example() *Cosign {
return dag.
Cosign()
}@function
def example() -> dag.Cosign:
return (
dag.cosign()
)@func()
example(): Cosign {
return dag
.cosign()
}Types
Cosign 🔗
Cosign represents the cosign Dagger module type
sign() 🔗
Sign will run cosign from the image, as defined by the cosignImage parameter, to sign the given Container image digests
Note: keyless signing not supported as-is
See https://edu.chainguard.dev/open-source/sigstore/cosign/an-introduction-to-cosign/
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| privateKey | Secret ! | - | Cosign private key |
| password | Secret ! | - | Cosign password |
| registryUsername | String | - | registry username |
| registryPassword | Secret | - | name of the image |
| dockerConfig | File | - | Docker config |
| cosignImage | String | "chainguard/cosign:latest" | Cosign container image |
| cosignUser | String | "nonroot" | Cosign container image user |
| digest | String ! | - | Container image digest to sign |
Example
dagger -m github.com/puzzle/dagger-module-cosign/cosign@4f0527563a74ba7f6c796972f1bedd26afc26030 call \
sign --private-key env:MYSECRET --password env:MYSECRET --digest stringfunc (m *myModule) example(ctx context.Context, privateKey *Secret, password *Secret, digest string) string {
return dag.
Cosign().
Sign(ctx, privateKey, password, digest)
}@function
async def example(private_key: dagger.Secret, password: dagger.Secret, digest: str) -> str:
return await (
dag.cosign()
.sign(private_key, password, digest)
)@func()
async example(privateKey: Secret, password: Secret, digest: string): Promise<string> {
return dag
.cosign()
.sign(privateKey, password, digest)
}attest() 🔗
Attest will run cosign from the image, as defined by the cosignImage parameter, to attest the SBOM of the given Container image digest
Note: keyless signing not supported as-is
See https://edu.chainguard.dev/open-source/sigstore/cosign/how-to-sign-an-sbom-with-cosign/
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| privateKey | Secret ! | - | Cosign private key |
| password | Secret ! | - | Cosign password |
| registryUsername | String | - | registry username |
| registryPassword | Secret | - | name of the image |
| dockerConfig | File | - | Docker config |
| cosignImage | String | "chainguard/cosign:latest" | Cosign container image |
| cosignUser | String | "nonroot" | Cosign container image user |
| digest | String ! | - | Container image digest to attest |
| sbomFile | File ! | - | SBOM file |
| sbomType | String | "spdxjson" | SBOM type |
Example
dagger -m github.com/puzzle/dagger-module-cosign/cosign@4f0527563a74ba7f6c796972f1bedd26afc26030 call \
attest --private-key env:MYSECRET --password env:MYSECRET --digest string --sbom-file file:pathfunc (m *myModule) example(ctx context.Context, privateKey *Secret, password *Secret, digest string, sbomFile *File) string {
return dag.
Cosign().
Attest(ctx, privateKey, password, digest, sbomFile)
}@function
async def example(private_key: dagger.Secret, password: dagger.Secret, digest: str, sbom_file: dagger.File) -> str:
return await (
dag.cosign()
.attest(private_key, password, digest, sbom_file)
)@func()
async example(privateKey: Secret, password: Secret, digest: string, sbomFile: File): Promise<string> {
return dag
.cosign()
.attest(privateKey, password, digest, sbomFile)
}