mirror of
https://github.com/stefanprodan/podinfo.git
synced 2026-02-14 10:19:52 +00:00
Podinfo signed releases
Podinfo release assets (container image, Helm chart, Flux artifact, Timoni module) are published to GitHub Container Registry and are signed with Cosign v2 keyless & GitHub Actions OIDC.
Verify podinfo with cosign
Install the cosign CLI:
brew install sigstore/tap/cosign
Container image
Verify the podinfo container image hosted on GHCR:
cosign verify ghcr.io/stefanprodan/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Verify the podinfo container image hosted on Docker Hub:
cosign verify docker.io/stefanprodan/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Helm chart
Verify the podinfo Helm chart hosted on GHCR:
cosign verify ghcr.io/stefanprodan/charts/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Flux artifact
Verify the podinfo Flux artifact hosted on GHCR:
cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com
Timoni module
Verify the podinfo Timoni module hosted on GHCR:
cosign verify ghcr.io/stefanprodan/modules/podinfo:6.5.0 \
--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com