Skip to content

Commit

Permalink
feat(verify): Parse output with jq for cleaner formatting
Browse files Browse the repository at this point in the history 
Requires we enable pipefail so that the action fails when verification fails
  • Loading branch information
@EyeCantCU
EyeCantCU committed Dec 27, 2023
1 parent d904c76 commit a3aa801
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions verify/action.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,13 +29,14 @@ runs:
shell: bash
run: |
REGISTRY=$(echo ${{ inputs.registry }} | awk '{print tolower($0)}')
set -o pipefail
if [[ -n "${{ inputs.cert-identity }}" && -n "${{ inputs.oidc-issuer }}" ]]; then
for CONTAINER in $(echo "${CONTAINERS}" | tr "," "\n"); do
cosign verify $REGISTRY/${CONTAINER} --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }}
cosign verify $REGISTRY/${CONTAINER} --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }} | jq
done
elif [[ -n "${{ inputs.pubkey }}" ]]; then
for CONTAINER in $(echo "${CONTAINERS}" | tr "," "\n"); do
cosign verify --key ${{ inputs.pubkey }} $REGISTRY/${CONTAINER}
cosign verify --key ${{ inputs.pubkey }} $REGISTRY/${CONTAINER} | jq
done
else
exit 1
Expand Down

0 comments on commit a3aa801

Please sign in to comment.