feat: add cosign signing and SBOM to docker publish #277

Merged
retr0h merged 6 commits into main from feat/cosign-sbom, Mar 16, 2026
@retr0h retr0h commented Mar 16, 2026

Summary

  • Add id-token: write permission for OIDC keyless signing
  • Enable BuildKit SBOM generation (sbom: true)
  • Sign image digest with cosign after push

🤖 Generated with Claude Code

Sign images with cosign using GitHub OIDC keyless signing.
Generate SBOM via BuildKit's built-in SBOM generator.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
@github-actions

Thank you for contributing to this project! 😊🕹️

Document image signing, signature verification, and SBOM
download. Link to the GHCR package page.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
retr0h and others added 4 commits March 15, 2026 20:56
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add badges for GHCR container image, cosign signing, and SBOM.
Fix all badge URLs from retr0h/osapi to osapi-io/osapi.

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
codecov bot commented Mar 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@           Coverage Diff           @@
##             main     #277   +/-   ##
=======================================
  Coverage   99.84%   99.84%           
=======================================
  Files         227      227           
  Lines        9925     9925           
=======================================
  Hits         9910     9910           
  Misses         11       11           
  Partials        4        4           

Powered by Codecov. Last update 8c5f69f...9d39ebd. Read the comment docs.
@retr0h retr0h merged commit cb9c48b into main Mar 16, 2026
11 checks passed
@retr0h retr0h deleted the feat/cosign-sbom branch March 16, 2026 04:05