go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-02-05 13:15:26 +02:00
Code Issues Releases Activity

point to GHCR instead of GCR for cosign container (#5176)

Browse Source 
This changes the Dockerfile to pull the cosign container image from GHCR
instead of Google Cloud. This helps the Sigstore team manage their cloud
spend (as GHCR is provided for free and Google Cloud Artifact Registry
is not).

Note the container hash does not change and images are posted to both
locations upon cosign's release process.
This commit is contained in:
Bob Callaway 2024-10-07 07:25:15 -04:00 committed by GitHub
parent 10980311a5
commit 012cfc391c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -14,7 +14,7 @@ RUN apk add --no-cache bash \
upx
# install cosign
COPY --from=gcr.io/projectsigstore/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign
COPY --from=ghcr.io/sigstore/cosign/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign
# install syft
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh | sh -s -- -b /usr/local/bin