diff --git a/Dockerfile b/Dockerfile
index 7fe904d..c5f03bf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,6 @@
-FROM alpine
+FROM alpine:3.22
+
+RUN apk add --no-cache ca-certificates cosign

 COPY entrypoint.sh /entrypoint.sh

diff --git a/README.md b/README.md
index ed815f3..9e569ad 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-# .plugin-template
+# plugin-cosign-sign

-Template repository for Woodpecker CI plugins.
+Woodpecker plugin to sign OCI artifacts with [Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/).
diff --git a/doc.md b/doc.md
index 1000010..0a12aee 100644
--- a/doc.md
+++ b/doc.md
@@ -1 +1,29 @@
-# some-plugin-name
+---
+name: Cosign Sign
+icon: https://codeberg.org/woodpecker-plugins/prettier/raw/branch/main/prettier.png
+description: Sign OCI artifacts with Cosign.
+author: Vojtěch Mareš
+tags: [oci, cosign, sign, security]
+containerImage: registry.mareshq.com/woodpecker-plugins/cosign-sign
+containerImageUrl: https://registry.mareshq.com/woodpecker-plugins/cosign-sign
+url: https://git.mareshq.com/woodpecker-plugins/cosign-sign
+---
+
+# cosign-sign
+
+## Sample
+
+```yaml
+steps:
+ prettier:
+ image: registry.mareshq.com/woodpecker-plugins/cosign-sign
+ settings:
+ image: registry.example.com/app:latest
+```
+
+## Settings
+
+| Settings Name | Type | Default | Description |
+| ------------- | ------- | ------- | --------------------------------------------------------------------------- |
+| `image` | string | empty | Image name including tag. |
+| `key_path` | string | `./cosign.key` | Path to signing key |
diff --git a/entrypoint.sh b/entrypoint.sh
index 561023d..27dca74 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,3 +1,8 @@
 #! /bin/sh

-echo "Hello from plugin, I think you forgot to write me!"
+if [ -z ${PLUGIN_IMAGE+x} ]; then
+ echo "ERROR: image setting is required."
+ exit 1
+fi
+
+cosign sign --key "${PLUGIN_KEY_PATH:-"./cosign.key"}" "${PLUGIN_IMAGE}"
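Review bot: Both inputs of this image are still mutable in the Dockerfile hunk: `alpine:3.22` is a tag that moves with each point release, and `apk add --no-cache ca-certificates cosign` installs whichever cosign build the repository serves on the day of the build. Since this image is the one that holds the signing key at run time, pinning the base by digest (`FROM alpine:3.22@sha256:<digest>`) and the package by version (`cosign=<version>`) would make the signer reproducible and let a rebuild be audited against a known cosign release. The rest of the Dockerfile lies outside the hunk, so it is not visible whether a `USER` is set before the entrypoint; if none is, the signing step runs as root inside the container.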
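Review bot: The guard `[ -z ${PLUGIN_IMAGE+x} ]` in entrypoint.sh only detects an unset variable, so a pipeline that sets `image: ""` passes it and `cosign sign` is called with an empty reference; testing the quoted value closes that gap: `if [ -z "${PLUGIN_IMAGE:-}" ]; then`. The plugin also signs whatever reference it is given, and the sample in doc.md passes `registry.example.com/app:latest`; a tag can be repointed between build and sign, so the `image` setting description should ask for a digest reference (`registry.example.com/app@sha256:<digest>`). The step also runs without a terminal: an encrypted key needs `COSIGN_PASSWORD` supplied from a pipeline secret, and cosign 2.x asks for confirmation before uploading to the transparency log unless `--yes` is passed. Both are worth confirming against the cosign version Alpine ships and documenting in the settings table.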