Make cosign verification work in all scenarios
What does this MR do?
- Make cosign verification work with all branch names. Using
CI_COMMIT_REF_SLUG
meant that branch names likedeps/e8b98d2-75e5507
got converted todeps-e8b98d2-75e5507
in thecosign verify
command. This will fail as the signing used the branch name as-is - 1f85e2a5 - Ensure verification works even if image was not built in a job but reused from previous one - 75d84777
- Trigger signing and verification of images only after they have been pushed to the registry - 0803ccb3
Related issues
Closes #631 (closed)
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated -
New dependencies are managed with dependencies.io
Edited by Hossein Pursultani