Loop over generated tags for the Docker image

mostafa · Aug 14, 2022 · 9949398 · 9949398
1 parent e94e20b
commit 9949398
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -71,14 +71,20 @@ jobs:
 
       - name: Sign the Docker image ✍️
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-        run: cosign sign --key env://COSIGN_PRIVATE_KEY docker.io/${{ steps.meta.outputs.tags }}
+        run: |
+          for tag in ${{ steps.meta.outputs.tags }}; do
+            cosign sign --key env://COSIGN_PRIVATE_KEY docker.io/${{ tag }}
+          done
         env:
           COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
           COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 
       - name: Verify the Docker image signature ✅
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-        run: cosign verify --key env://COSIGN_PUBLIC_KEY docker.io/${{ steps.meta.outputs.tags }}
+        run: |
+          for tag in ${{ steps.meta.outputs.tags }}; do
+            cosign verify --key env://COSIGN_PUBLIC_KEY docker.io/${{ tag }}
+          done
         env:
           COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}