Confirm signing of docker image

digitalservicebund · Dec 12, 2023 · 8d34f2a · 8d34f2a
1 parent 8140d48
commit 8d34f2a
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -231,7 +231,7 @@ jobs:
           COSIGN_EXPERIMENTAL: "true"
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
-        run: cosign sign ghcr.io/${{ env.IMAGE_NAME }}:${{ github.sha }}
+        run: cosign sign --yes ghcr.io/${{ env.IMAGE_NAME }}:${{ github.sha }}
 
       - name: Attest the vulnerability scan
         env:

diff --git a/.talismanrc b/.talismanrc
@@ -1,6 +1,6 @@
 fileignoreconfig:
 - filename: .github/workflows/pipeline.yml
-  checksum: 0d77d0ac1b83571ff5ee42de3f2ad7a4f228026ac72cc685ce3011098329b55a
+  checksum: 505d6ded3cca636f98c06e4f941204a4fdc83c7f98a038f5f80e64b73b7670f8
 - filename: .github/workflows/scan.yml
   checksum: 14fd20b334e55e9f6ee23d13fa82d2c17d94cb59928b7dd5828e8adca40cf1d8
 - filename: README.md