Github action use new generated cosign key

Signed-off-by: Denny Hoang <[email protected]>
sigstore · Apr 7, 2022 · 3b6c409 · 3b6c409
1 parent 2beca8f
commit 3b6c409
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/.github/workflows/kind-cluster-image-policy.yaml b/.github/workflows/kind-cluster-image-policy.yaml
@@ -157,17 +157,22 @@ jobs:
         fi
         echo '::endgroup::'
 
+    - name: Generate New Signing Key
+      run: |
+        COSIGN_PASSWORD="" ./cosign generate-key-pair
+
     - name: Deploy ClusterImagePolicy With Key Signing
       run: |
-        kubectl apply -f ./test/testdata/cosigned/e2e/cip-key.yaml
+        yq '. | .spec.authorities[0].key.data |= load_str("cosign.pub")' ./test/testdata/cosigned/e2e/cip-key.yaml | \
+          kubectl apply -f -
 
     - name: Sign demoimage with cosign-test key
       run: |
-        ./cosign sign --key ./.github/workflows/cosign-test.key --force --allow-insecure-registry ${{ env.demoimage }}
+        ./cosign sign --key cosign.key --force --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Verify with cosign
       run: |
-        ./cosign verify --key ./.github/workflows/cosign-test.pub --allow-insecure-registry ${{ env.demoimage }}
+        ./cosign verify --key cosign.pub --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Deploy jobs and verify signed works, unsigned fails
       run: |