@@ -22,13 +22,12 @@ jobs:
2222 fetch-depth : 0
2323
2424 - name : Load DCT delegation key
25- env :
26- DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE : ${{ secrets.DCT_KEY_PASSPHRASE }}
27- DCT_KEY_BASE64 : ${{ secrets.DCT_KEY_BASE64 }}
2825 run : |
29- echo "$DCT_KEY_BASE64" | base64 -d > delegation.key
30- chmod 600 delegation.key
31- docker trust key load delegation.key --name gha
26+ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="${{ secrets.DCT_KEY_PASSPHRASE }}"
27+ mkdir -p ~/.docker/trust/private/
28+ echo "${{ secrets.DCT_KEY_BASE64 }}" | base64 -d > "~/.docker/trust/private/${{ secrets.DCT_KEY_ID }}.key"
29+ chmod 600 "~/.docker/trust/private/${{ secrets.DCT_KEY_ID }}.key"
30+ docker trust key load "~/.docker/trust/private/${{ secrets.DCT_KEY_ID }}.key" --name gha
3231
3332name : Login to DockerHub
3433 uses : docker/login-action@v3
@@ -40,14 +39,13 @@ jobs:
4039 run : docker build -t ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} .
4140
4241 - name : Push and sign the image
43- env :
44- DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE : ${{ secrets.DCT_KEY_PASSPHRASE }}
4542 run : |
43+ export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="${{ secrets.DCT_KEY_PASSPHRASE }}"
4644 docker trust sign ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
4745
4846name : Verify the image signature
4947 run : |
5048 docker trust inspect --pretty ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
5149
5250name : Remove DCT delegation key
53- run : rm delegation. key
51+ run : rm "~/.docker/trust/private/${{ secrets.DCT_KEY_ID }}. key"
0 commit comments