mirror of https://github.com/stefanprodan/podinfo.git synced 2026-05-24 18:32:49 +00:00

Files

Stefan Prodan 5751cab6b3 Update docs to Cosign v3

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

2026-05-20 12:41:38 +03:00

cosign.pub

Publish the deploy manifests to GHCR

2021-10-21 16:26:10 +03:00

README.md

Update docs to Cosign v3

2026-05-20 12:41:38 +03:00

README.md

Podinfo signed releases

Podinfo release assets (container image, Helm chart, Flux artifact, Timoni module) are published to GitHub Container Registry and are signed with Cosign v3 keyless & GitHub Actions OIDC.

Verify podinfo with cosign

Install the cosign CLI:

brew install cosign

Container image

Verify the podinfo container image hosted on GHCR:

cosign verify ghcr.io/stefanprodan/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com

Verify the podinfo container image hosted on Docker Hub:

cosign verify docker.io/stefanprodan/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com

Helm chart

Verify the podinfo Helm chart hosted on GHCR:

cosign verify ghcr.io/stefanprodan/charts/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com

Flux artifact

Verify the podinfo Flux artifact hosted on GHCR:

cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com

Timoni module

Verify the podinfo Timoni module hosted on GHCR:

cosign verify ghcr.io/stefanprodan/modules/podinfo:6.12.0 \
--certificate-identity-regexp="^https://github\.com/stefanprodan/.*$" \
--certificate-oidc-issuer=https://token.actions.githubusercontent.com