ci(docker-image): sign published images with cosign (keyless OIDC)#678
Sign every pushed aisix image with cosign using keyless GitHub OIDC (no private key to manage), matching the api7-ee-3-gateway pipeline.

- add id-token: write for OIDC
- install sigstore/cosign-installer, sign the build-push digest
- collapse the tag set to one signature per repo@digest, so dev/poc/sha and every release tag are covered without re-signing shared digests
- store signatures in a sibling <registry>/api7/notary repo (ghcr.io/api7/notary always; docker.io/api7/notary on release tags)

Verify:

```
cosign verify --certificate-oidc-issuer \
  https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/api7/ai-gateway/' \
  ghcr.io/api7/aisix:<tag>   # with COSIGN_REPOSITORY=ghcr.io/api7/notary
```
No actionable comments were generated in the recent review.
Walkthrough

The Docker image workflow is updated to support keyless Cosign signing of pushed images using GitHub OIDC. It adds id-token permission, assigns an id to the build step to expose the image digest, and adds steps to install Cosign and sign each image digest for non-pull_request events.

Changes: Cosign Signing Setup
Estimated code review effort: 3 (Moderate) | ~20 minutes

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant GitHubActions
    participant DockerBuildStep
    participant Cosign
    participant NotaryRepo
    GitHubActions->>DockerBuildStep: build and push image
    DockerBuildStep-->>GitHubActions: return image digest
    GitHubActions->>Cosign: install cosign
    GitHubActions->>Cosign: sign image digest (non-pull_request)
    Cosign->>NotaryRepo: store signature in api7/notary
```
Related PRs: None identified.
Suggested labels: ci, security
Suggested reviewers: None identified.

🐰 A rabbit hops through YAML fields,

Pre-merge checks: 6 passed.
What
Sign every published `aisix` container image with cosign, using keyless GitHub OIDC signing (no private key to store/rotate). This mirrors the signing scheme already used by `api7-ee-3-gateway`.

Why
Images pushed to GHCR (and Docker Hub on release) are currently unsigned, so downstream/private-deployment consumers can't verify provenance. Cosign signatures let anyone cryptographically confirm an image was built by this repo's CI.
How
- `permissions: id-token: write` — lets the job request the GitHub OIDC token cosign uses (Fulcio/Rekor keyless flow).
- Install `sigstore/cosign-installer`, then sign the digest emitted by `docker/build-push-action` (`steps.build.outputs.digest`).
- Collapse the tag set to one signature per `repo@digest` — so `dev`/`poc`/`sha-*` and every release tag are covered without re-signing a shared digest.
- Store signatures in a sibling `<registry>/api7/notary` repo (`COSIGN_REPOSITORY`): `ghcr.io/api7/notary` on every push, plus `docker.io/api7/notary` on release tags.

Scope / behavior

- Signing runs only for non-pull_request events (`if: github.event_name != 'pull_request'`).

Config
No new secrets.
`ghcr.io/api7/notary` already grants this repo Actions write access; `docker.io/api7/notary` uses the same Docker Hub credentials already configured for release mirroring.

Verify

```
cosign verify --certificate-oidc-issuer \
  https://token.actions.githubusercontent.com \
  --certificate-identity-regexp '^https://github.com/api7/ai-gateway/' \
  ghcr.io/api7/aisix:<tag>   # with COSIGN_REPOSITORY=ghcr.io/api7/notary
```
Testing
CI-workflow-only change with no unit-testable surface; it is exercised by the `docker-image` workflow run itself on the next push to `main`. The tag→digest collapse logic was validated locally under bash.
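As an added example (not the PR's own workflow code), here is a POSIX-shell sketch of the tag→digest collapse the Testing section says was validated under bash, together with the per-registry notary repo selection from the How section. It assumes the tag list is the newline-separated `registry/repo:tag` output of docker/metadata-action, the digest is `steps.build.outputs.digest`, and the job already carries `permissions: id-token: write` so `cosign sign` can run keyless; `DRY_RUN=1` prints the cosign commands instead of running them.

```shell
#!/bin/sh
# Added example, not the PR's own workflow code: collapse the pushed tag list
# to one repo@digest per registry repo, pick the sibling notary repo for each,
# and sign each digest exactly once with keyless cosign.
# Assumptions: $1 to sign_all is the newline-separated "registry/repo:tag" list
# (docker/metadata-action `tags` output), $2 is the single content digest from
# steps.build.outputs.digest, and the job has `permissions: id-token: write`.

# Print each distinct "<registry>/<repo>@<digest>" once, in first-seen order.
# Every tag of one repo names the same manifest, so one signature on the
# digest covers dev/poc/sha-* and every release tag together.
collapse_to_digests() {
  printf '%s\n' "$1" \
    | sed -e '/^[[:space:]]*$/d' -e 's/:[^:/]*$//' \
    | awk '!seen[$0]++' \
    | sed "s|\$|@$2|"
}

# Docker reference rule: the first path component is a registry host only if
# it contains '.' or ':' or is "localhost"; otherwise the image is on docker.io.
registry_of() {
  first=${1%%/*}
  case "$first" in
    *.*|*:*|localhost) printf '%s\n' "$first" ;;
    *) printf 'docker.io\n' ;;
  esac
}

# Signatures live in the sibling <registry>/api7/notary repo of each image.
notary_repo_for() {
  printf '%s/api7/notary\n' "$(registry_of "$1")"
}

# Sign each repo@digest once. With DRY_RUN=1 the cosign command is printed
# instead of executed, which is how the collapse can be checked locally.
sign_all() {
  collapse_to_digests "$1" "$2" | while IFS= read -r ref; do
    repo=${ref%@*}
    COSIGN_REPOSITORY=$(notary_repo_for "$repo")
    export COSIGN_REPOSITORY
    if [ -n "${DRY_RUN:-}" ]; then
      printf 'COSIGN_REPOSITORY=%s cosign sign --yes %s\n' "$COSIGN_REPOSITORY" "$ref"
    else
      cosign sign --yes "$ref"
    fi
  done
}
```

Running `sign_all "$TAGS" "$DIGEST"` with five tags across ghcr.io and Docker Hub yields exactly two cosign invocations, one per registry repo.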