Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci: Use cosign plugin to sign container images. (#68)
This commit adds the cosign-buildkite-plugin to the CI pipeline. [1] cosign is an open-source tool developed by Chainguard that signs container images, allowing other users to cryptographically verify the origin of container images. cosign has different operating modes. This commit utilizes Chainguard's signing infrastructure via "keyless signing". [2] Keyless signing makes image signing easy for open-source projects because Chainguard operates the signing infrastructure on behalf of others. References 1. https://github.com/equinixmetal-buildkite/cosign-buildkite-plugin 2. https://edu.chainguard.dev/open-source/sigstore/cosign/an-introduction-to-cosign/#keyless-signing
- Loading branch information