From d1a38095c72202378dda3e01036c51467e85988a Mon Sep 17 00:00:00 2001 From: Martijn Pieters Date: Tue, 29 Oct 2024 20:32:41 +0000 Subject: [PATCH] Sign docker images using cosign cosign uses the GitHub action ID token to retrieve an ephemeral code signing certificate from Fulcio, and store the signature in the Rekor transparency log. --- .github/workflows/build-docker.yml | 54 ++++++++++++++++++++++++++++++ .github/workflows/release.yml | 2 ++ 2 files changed, 56 insertions(+) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 9ef0052342ffe..8577bd2f8d981 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -152,6 +152,9 @@ jobs: needs: - docker-publish if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} + permissions: + packages: write + id-token: write # needed for signing the images with GitHub OIDC Token strategy: fail-fast: false matrix: @@ -180,6 +183,8 @@ jobs: - python:3.9-slim-bookworm,python3.9-bookworm-slim - python:3.8-slim-bookworm,python3.8-bookworm-slim steps: + - uses: sigstore/cosign-installer@v3.7.0 + - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v3 @@ -242,6 +247,7 @@ jobs: ${{ env.TAG_PATTERNS }} - name: Build and push + id: build-and-push uses: docker/build-push-action@v6 with: context: . @@ -254,6 +260,17 @@ jobs: labels: ${{ steps.meta.outputs.labels }} annotations: ${{ steps.meta.outputs.annotations }} + - name: Sign the images with GitHub OIDC Token + env: + DIGEST: ${{ steps.build-and-push.outputs.digest }} + TAGS: ${{ steps.meta.outputs.tags }} + run: | + images="" + for tag in ${TAGS}; do + images+="${tag}@${DIGEST} " + done + cosign sign --yes ${images} + # This is effectively a duplicate of `docker-publish` to make https://github.com/astral-sh/uv/pkgs/container/uv # show the uv base image first since GitHub always shows the last updated image digests # This works by annotating the original digests (previously non-annotated) which triggers an update to ghcr.io @@ -265,6 +282,9 @@ jobs: needs: - docker-publish-extra if: ${{ inputs.plan != '' && !fromJson(inputs.plan).announcement_tag_is_implicit }} + permissions: + packages: write + id-token: write # needed for signing the images with GitHub OIDC Token steps: - name: Download digests uses: actions/download-artifact@v4 @@ -273,6 +293,8 @@ jobs: pattern: digests-* merge-multiple: true + - uses: sigstore/cosign-installer@v3.7.0 + - uses: docker/setup-buildx-action@v3 - name: Extract metadata (tags, labels) for Docker @@ -295,14 +317,46 @@ jobs: # Adapted from https://docs.docker.com/build/ci/github-actions/multi-platform/ - name: Create manifest list and push + id: manifest-push working-directory: /tmp/digests # The readarray part is used to make sure the quoting and special characters are preserved on expansion (e.g. spaces) # The jq command expands the docker/metadata json "tags" array entry to `-t tag1 -t tag2 ...` for each tag in the array # The printf will expand the base image with the `@sha256: ...` for each sha256 in the directory # The final command becomes `docker buildx imagetools create -t tag1 -t tag2 ... @sha256: @sha256: ...` + # The digest of the new manifest is then shared as the 'digest' output. run: | readarray -t lines <<< "$DOCKER_METADATA_OUTPUT_ANNOTATIONS"; annotations=(); for line in "${lines[@]}"; do annotations+=(--annotation "$line"); done docker buildx imagetools create \ "${annotations[@]}" \ $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ $(printf '${{ env.UV_BASE_IMG }}@sha256:%s ' *) + # To sign the manifest, we need it's digest. Unfortunately "docker + # buildx imagetools create" does not (yet) have a clean way of sharing + # the digest of the manifest it creates (see docker/buildx#2407), so + # we use a separate command to retrieve it. This _has_ to be done in + # the same step to minimize the risk of the tag having been moved to + # another digest, which would pose a security risk. Within the same + # step, we can count on the local docker cache of the tag not having + # changed. + # imagetools inspect [TAG] --format '{{json .Manifest}}' gives us + # the machine readable JSON description of the manifest, and the + # jq command extracts the digest from this. The digest is then + # sent to the Github step output file for sharing with other steps. + digest="$( + docker buildx imagetools inspect \ + "${UV_BASE_IMG}:${DOCKER_METADATA_OUTPUT_VERSION}" \ + --format '{{json .Manifest}}' \ + | jq -r '.digest' + )" + echo "digest=${digest}" >> "$GITHUB_OUTPUT" + + - name: Sign the manifest with GitHub OIDC Token + env: + DIGEST: ${{ steps.manifest-push.outputs.digest }} + TAGS: ${{ steps.meta.outputs.tags }} + run: | + images="" + for tag in ${TAGS}; do + images+="${tag}@${DIGEST} " + done + cosign sign --yes ${images} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6ff89163f5331..6e79b3d7c6e86 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -106,9 +106,11 @@ jobs: with: plan: ${{ needs.plan.outputs.val }} secrets: inherit + # docker jobs get escalated permissions, so they can sign the images permissions: "contents": "read" "packages": "write" + "id-token": "write" # Build and package all the platform-agnostic(ish) things build-global-artifacts: