X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=shell%2Frelease-job.sh;h=57e40387065e520cae11f92b21e7fa817ad82e14;hb=288f2bed16af82ea6f78298faf8b9c31179502e7;hp=6c280d20c7de6c8ae62af00727fe7152fa824752;hpb=f4b544362ab8764479ce7a4b087c67e923500963;p=releng%2Fglobal-jjb.git

diff --git a/shell/release-job.sh b/shell/release-job.sh
index 6c280d20..57e40387 100644
--- a/shell/release-job.sh
+++ b/shell/release-job.sh
@@ -443,8 +443,16 @@ container_release_file(){
             echo "docker tag $container_image_id $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
             echo "docker push $CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name:$VERSION"
             if [[ "$JOB_NAME" =~ "merge" ]]; then
+                curl -O -L "https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64"
+                sudo mv cosign-linux-amd64 /usr/local/bin/cosign
+                sudo chmod +x /usr/local/bin/cosign
+                export COSIGN_PASSWORD
                 docker tag "$container_image_id" "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
                 docker push "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION"
+                image_sha=$(docker images --no-trunc --quiet \
+                        "$CONTAINER_PUSH_REGISTRY"/"$lfn_umbrella"/"$name":"$VERSION")
+                image_digest="$CONTAINER_PUSH_REGISTRY/$lfn_umbrella/$name@$image_sha"
+                cosign sign -y --key "$COSIGN_PRIVATE_KEY" "$image_digest"
             fi
             echo "#########################"
         fi