Bulwark/cosign.pub at main - Bulwark - Gitea: Git with a cup of tea

iceColdChris/Bulwark

Files

T

Christopher Fahlin 2f5587aaec ci: add Harbor publish pipeline with supply-chain gates

GitHub Actions workflow: mix precommit gate against a postgres:17 service
container on PRs and pushes; on pushes to main, build the release image,
gate on a Trivy HIGH/CRITICAL scan, emit an SBOM, push to Harbor, and sign
the pushed tags with Cosign.

- Image: harbor.icecoldchris.dev/bulwark/bulwark (tags: sha-<sha>, latest)
- Commit the Cosign public key (cosign.pub) for verification; gitignore the
  private key (cosign.key / *.key)

2026-05-30 19:27:05 -07:00

5 lines

178 B

Plaintext

Raw Permalink Blame History

 -----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESbpIb0jeYwsdTr1qHnI/JVH92JQe
 b6kAlL5RB/ggG7sJIqdYw6gX9xFVxUQ3ALq1oO6m7wtE+LMvAJd2yOhKZA==
 -----END PUBLIC KEY-----