cosign_sign

Implementation details for sign rule

Rules

cosign_sign

Sign an oci_image using cosign binary at a remote registry.

It signs the image by its digest determined beforehand.

oci_image(
    name = "image"
)

cosign_sign(
    name = "sign",
    image = ":image",
    repository = "index.docker.io/org/image"
)

repository attribute can be overridden using the --repository flag.

oci_image(
    name = "image"
)

cosign_sign(
    name = "sign",
    image = ":image",
    repository = "index.docker.io/org/image"
)

run bazel run :sign -- --repository=index.docker.io/org/test

Example usage (generated):

load("@contrib_rules_oci//cosign/private:sign.bzl", "cosign_sign")

cosign_sign(
    # A unique name for this target.
    name = "",
    # Label to an oci_image
    image = "",
    # Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`
    repository = "",
)

name

Required name.

A unique name for this target.

image

Required label.

Label to an oci_image

repository

Required string.

    Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`.

Digests and tags are not allowed.