cosign
Cosign container image signing in a Dagger module
Installation
dagger install github.com/scottames/daggerverse/cosign@v0.0.1Entrypoint
Return Type
CosignExample
dagger -m github.com/scottames/daggerverse/cosign@e04584e46ee2d626b2f09e90ba0b8ec3464650d2 call \
func (m *myModule) example() *Cosign {
return dag.
Cosign()
}@function
def example() -> dag.Cosign:
return (
dag.cosign()
)@func()
example(): Cosign {
return dag
.cosign()
}Types
Cosign 🔗
Cosign represents the cosign Dagger module type
sign() 🔗
Sign will run cosign from the image, as defined by the cosignImage parameter, to sign the given Container image digests
Note: keyless signing not supported as-is
See https://edu.chainguard.dev/open-source/sigstore/cosign/an-introduction-to-cosign/
Return Type
[String ! ] !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| privateKey | Secret ! | - | Cosign private key |
| password | Secret ! | - | Cosign password |
| registryUsername | String | - | registry username |
| registryPassword | Secret | - | name of the image |
| dockerConfig | File | - | Docker config |
| cosignImage | String | "chainguard/cosign:latest" | Cosign container image |
| cosignUser | String | "nonroot" | Cosign container image user |
| digests | [String ! ] ! | - | Container image digests to sign |
Example
dagger -m github.com/scottames/daggerverse/cosign@e04584e46ee2d626b2f09e90ba0b8ec3464650d2 call \
sign --private-key env:MYSECRET --password env:MYSECRET --digests string1 --digests string2func (m *myModule) example(ctx context.Context, privateKey *Secret, password *Secret, digests []string) []string {
return dag.
Cosign().
Sign(ctx, privateKey, password, digests)
}@function
async def example(private_key: dagger.Secret, password: dagger.Secret, digests: List[str]) -> List[str]:
return await (
dag.cosign()
.sign(private_key, password, digests)
)@func()
async example(privateKey: Secret, password: Secret, digests: string[]): Promise<string[]> {
return dag
.cosign()
.sign(privateKey, password, digests)
}