Skip to main content
Version: 0.2.x

cosign_sign

Implementation details for sign rule

Rules

cosign_sign

Sign an oci_image using cosign binary at a remote registry.

It signs the image by its digest determined beforehand.

oci_image(
name = "image"
)

cosign_sign(
name = "sign",
image = ":image",
repository = "index.docker.io/org/image"
)

repository attribute can be overridden using the --repository flag.

oci_image(
name = "image"
)

cosign_sign(
name = "sign",
image = ":image",
repository = "index.docker.io/org/image"
)

run bazel run :sign -- --repository=index.docker.io/org/test

Example usage (generated):

load("@contrib_rules_oci//cosign/private:sign.bzl", "cosign_sign")

cosign_sign(
# A unique name for this target.
name = "",
# Label to an oci_image
image = "",
# Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`
repository = "",
)

name

Required name.

A unique name for this target.

image

Required label.

Label to an oci_image

repository

Required string.

    Repository URL where the image will be signed at, e.g.: `index.docker.io/<user>/image`.

Digests and tags are not allowed.