particle-os/particle-os-cli
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: switch cosign registry from GCR to GHCR (#237)

Browse source 
This changes the Dockerfile to pull the cosign container image from GHCR
instead of Google Cloud. This helps the Sigstore team manage their cloud
spend (as GHCR is provided for free and Google Cloud Artifact Registry
is not).

Note the container hash does not change and images are posted to both
locations upon cosign's release process.
This commit is contained in:
Bob Callaway 2024-10-06 09:20:36 -04:00 committed by GitHub
parent b991b370a5
commit 2aa888d3a1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
utils/src/constants.rs
View file

@ -72,7 +72,7 @@ pub const LC_TERMINAL_VERSION: &str = "LC_TERMINAL_VERSION";
pub const XDG_RUNTIME_DIR: &str = "XDG_RUNTIME_DIR";
// Misc
pub const COSIGN_IMAGE: &str = "gcr.io/projectsigstore/cosign:latest";
pub const COSIGN_IMAGE: &str = "ghcr.io/sigstore/cosign/cosign:latest";
pub const OCI_ARCHIVE: &str = "oci-archive";
pub const OSTREE_IMAGE_SIGNED: &str = "ostree-image-signed";
pub const OSTREE_UNVERIFIED_IMAGE: &str = "ostree-unverified-image";