
ci(docker-image): sign published images with cosign (keyless OIDC)#678

Merged
jarvis9443 merged 1 commit into main from ci/cosign-image-signing on Jul 1, 2026

Conversation

@jarvis9443 (Contributor) commented Jul 1, 2026

What

Sign every published aisix container image with cosign, using keyless GitHub OIDC signing (no private key to store/rotate). This mirrors the signing scheme already used by api7-ee-3-gateway.

Why

Images pushed to GHCR (and Docker Hub on release) are currently unsigned, so downstream/private-deployment consumers can't verify provenance. Cosign signatures let anyone cryptographically confirm an image was built by this repo's CI.

How

  • permissions: id-token: write — lets the job request the GitHub OIDC token cosign uses (Fulcio/Rekor keyless flow).
  • Install sigstore/cosign-installer, then sign the digest emitted by docker/build-push-action (steps.build.outputs.digest).
  • Signing is by digest, and the tag set is collapsed to one signature per repo@digest — so dev/poc/sha-* and every release tag are covered without re-signing a shared digest.
  • Signatures are stored in a sibling <registry>/api7/notary repo (COSIGN_REPOSITORY): ghcr.io/api7/notary on every push, plus docker.io/api7/notary on release tags.

Scope / behavior

  • Signs all pushed images (dev/poc/sha + release), matching the reference pipeline.
  • Pull-request builds are unaffected: they don't push, so the install/sign steps are skipped (if: github.event_name != 'pull_request').

Config

No new secrets. ghcr.io/api7/notary already grants this repo Actions write access; docker.io/api7/notary uses the same Docker Hub credentials already configured for release mirroring.

Verify

COSIGN_REPOSITORY=ghcr.io/api7/notary \
cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/api7/ai-gateway/' \
  ghcr.io/api7/aisix:<tag>

Testing

CI-workflow-only change with no unit-testable surface; it is exercised by the docker-image workflow run itself on the next push to main. The tag→digest collapse logic was validated locally under bash.

Summary by CodeRabbit

  • New Features

    • Docker images are now signed after publishing, adding stronger verification for released builds.
    • Automated signing uses a keyless trust flow for supported release events.
  • Bug Fixes

    • Improved the release pipeline so image digests can be reliably tracked and signed.

Sign every pushed aisix image with cosign using keyless GitHub OIDC
(no private key to manage), matching the api7-ee-3-gateway pipeline.

- add id-token: write for OIDC
- install sigstore/cosign-installer, sign the build-push digest
- collapse the tag set to one signature per repo@digest, so dev/poc/sha
  and every release tag are covered without re-signing shared digests
- store signatures in a sibling <registry>/api7/notary repo
  (ghcr.io/api7/notary always; docker.io/api7/notary on release tags)

Verify: cosign verify --certificate-oidc-issuer \
  https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/api7/ai-gateway/' \
  ghcr.io/api7/aisix:<tag>   # with COSIGN_REPOSITORY=ghcr.io/api7/notary
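The tag-to-digest collapse and per-digest keyless signing that the PR describes, written out as an added shell example; this is not the project's workflow code. It assumes the pushed tags arrive newline-separated as docker/metadata-action emits them, that the registry host is the first path component of each ref (true for ghcr.io and docker.io), and a COSIGN_DRY_RUN switch invented here so the cosign commands are printed rather than run, which lets the script execute without cosign or registry access. The sample tag set and digest are constructed. The verify helper swaps the PR's whole-repo `--certificate-identity-regexp` for an exact `--certificate-identity` pinned to the workflow file the PR changes (`.github/workflows/docker-image.yml`); the `@refs/heads/main` suffix is an assumption that holds for pushes to main, while release builds signed from a tag carry `@refs/tags/<tag>` instead.

```shell
#!/usr/bin/env bash
# Added example, not the project's workflow: collapse pushed tags to one
# "repo@digest" per repository, sign each once with keyless cosign, and build
# the matching verify command. Assumptions (not from the page): tags are
# newline-separated as docker/metadata-action emits them; COSIGN_DRY_RUN=1
# prints the cosign invocations instead of executing them.
set -eu

# collapse_refs TAGS DIGEST
#   Strips the tag (or an existing @digest) from every ref, deduplicates the
#   resulting repositories in first-seen order, and appends the build digest.
#   Rejects anything that is not a sha256 digest so a tag can never be signed.
collapse_refs() {
  local tags="$1" digest="$2"
  case "$digest" in
    sha256:[0-9a-f]*) ;;
    *) echo "collapse_refs: not a sha256 digest: $digest" >&2; return 1 ;;
  esac
  printf '%s\n' "$tags" \
    | sed -e 's/[[:space:]]//g' -e '/^$/d' \
    | sed -e 's#@sha256:[0-9a-f]*$##' -e 's#:[^/:]*$##' \
    | awk '!seen[$0]++' \
    | sed "s|\$|@$digest|"
}

# notary_for REF
#   Sibling signature store on the same registry (<registry>/api7/notary).
notary_for() {
  echo "${1%%/*}/api7/notary"
}

# sign_refs REF...
#   Signs each repo@digest exactly once, routing the signature to that
#   registry's notary repo through COSIGN_REPOSITORY. A ref without a digest
#   is refused: tags are mutable, digests are not.
sign_refs() {
  local ref notary
  for ref in "$@"; do
    case "$ref" in
      *@sha256:*) ;;
      *) echo "sign_refs: refusing to sign a mutable tag: $ref" >&2; return 1 ;;
    esac
    notary=$(notary_for "$ref")
    if [ "${COSIGN_DRY_RUN:-0}" = 1 ]; then
      echo "COSIGN_REPOSITORY=$notary cosign sign --yes $ref"
    else
      COSIGN_REPOSITORY="$notary" cosign sign --yes "$ref"
    fi
  done
}

# verify_cmd REF
#   Verification command pinned to the exact workflow identity instead of a
#   whole-repo regexp. The @refs/heads/main suffix is an assumption; signatures
#   produced from a release tag carry @refs/tags/<tag>.
verify_cmd() {
  echo "COSIGN_REPOSITORY=$(notary_for "$1") cosign verify" \
    "--certificate-oidc-issuer https://token.actions.githubusercontent.com" \
    "--certificate-identity https://github.com/api7/ai-gateway/.github/workflows/docker-image.yml@refs/heads/main" \
    "$1"
}

# Constructed sample: the tag set the PR names (dev, poc, sha-*, a release
# tag, mirrored to Docker Hub) all pointing at one build digest.
demo() {
  local tags digest
  tags='ghcr.io/api7/aisix:dev
ghcr.io/api7/aisix:poc
ghcr.io/api7/aisix:sha-0123abc
docker.io/api7/aisix:1.2.3
docker.io/api7/aisix:latest'
  digest='sha256:7b5a0f8b5e0c9d2e5f8a1b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d3e'
  COSIGN_DRY_RUN=1
  # Five tags collapse to two sign calls: one per registry, never per tag.
  sign_refs $(collapse_refs "$tags" "$digest")
  verify_cmd ghcr.io/api7/aisix:dev
}
demo
```

Dropping COSIGN_DRY_RUN in a real job runs `cosign sign --yes` with the job's ambient GitHub OIDC token, which is what `permissions: id-token: write` exists to provide; the exact-identity verify command is the check a downstream consumer should prefer over the repo-wide regexp, because any other workflow in the same repository could otherwise produce an accepted signature.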
@coderabbitai (bot) commented Jul 1, 2026


No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between fd80c72 and fc1f2e3.

📒 Files selected for processing (1)
  • .github/workflows/docker-image.yml

📝 Walkthrough

The Docker image workflow is updated to support keyless Cosign signing of pushed images using GitHub OIDC. It adds id-token permission, assigns an id to the build step to expose the image digest, and adds steps to install Cosign and sign each image digest for non-pull_request events.

Changes

Cosign Signing Setup

  • OIDC permission and build output wiring (.github/workflows/docker-image.yml): adds the id-token: write permission and assigns id: build to the Docker build/push step to expose its digest output.
  • Cosign install and signing steps (.github/workflows/docker-image.yml): installs Cosign and adds a step, gated to non-pull_request events, that signs each pushed image digest with COSIGN_REPOSITORY set to a registry-scoped api7/notary repo.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

sequenceDiagram
  participant GitHubActions
  participant DockerBuildStep
  participant Cosign
  participant NotaryRepo

  GitHubActions->>DockerBuildStep: build and push image
  DockerBuildStep-->>GitHubActions: return image digest
  GitHubActions->>Cosign: install cosign
  GitHubActions->>Cosign: sign image digest (non-pull_request)
  Cosign->>NotaryRepo: store signature in api7/notary

Related PRs: None identified.

Suggested labels: ci, security

Suggested reviewers: None identified.

🐰 A rabbit hops through YAML fields,
Signing digests with cosign shields,
OIDC tokens light the way,
Trust anchored, come what may,
Notary keeps the secrets sealed.

🚥 Pre-merge checks | ✅ 6
✅ Passed checks (6 passed)
  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: Passed. The title clearly summarizes the workflow change: signing published Docker images with Cosign via keyless OIDC.
  • Linked Issues check: Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: Passed. Check skipped because no linked issues were found for this pull request.
  • E2e Test Quality Review: Passed. This is a workflow-only CI signing change; no product-flow E2E test surface is involved, and the new cosign step is correctly gated off for pull_request.
  • Security Check: Passed. Workflow-only change adds cosign signing; no findings for secret exposure, auth bypass, ownership, TLS, shared-resource, or secret-resolution issues.

@jarvis9443 jarvis9443 merged commit 7379051 into main Jul 1, 2026
10 checks passed
@jarvis9443 jarvis9443 deleted the ci/cosign-image-signing branch July 1, 2026 05:01
