2022-01-17 08:40:49 +01:00
|
|
|
# Copyright Project Harbor Authors
|
|
|
|
|
#
|
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
|
#
|
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
#
|
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
|
# limitations under the License
|
|
|
|
|
|
|
|
|
|
*** Settings ***
|
|
|
|
|
Documentation This resource provides helper functions for docker operations
|
|
|
|
|
Library OperatingSystem
|
|
|
|
|
Library Process
|
|
|
|
|
|
|
|
|
|
*** Keywords ***
|
|
|
|
|
Cosign Generate Key Pair
|
|
|
|
|
Remove Files cosign.key cosign.pub
|
|
|
|
|
Wait Unitl Command Success cosign generate-key-pair
|
|
|
|
|
|
|
|
|
|
Cosign Sign
|
|
|
|
|
[Arguments] ${artifact}
|
2023-05-29 05:55:14 +02:00
|
|
|
Wait Unitl Command Success cosign sign -y --allow-insecure-registry --key cosign.key ${artifact}
|
2022-05-09 08:39:18 +02:00
|
|
|
|
|
|
|
|
Cosign Verify
|
|
|
|
|
[Arguments] ${artifact} ${signed}
|
|
|
|
|
Run Keyword If ${signed}==${true} Wait Unitl Command Success cosign verify --key cosign.pub ${artifact}
|
2023-05-29 05:55:14 +02:00
|
|
|
... ELSE Command Should be Failed cosign verify --key cosign.pub ${artifact}
|
2023-10-23 08:40:55 +02:00
|
|
|
|
|
|
|
|
Cosign Push Sbom
|
|
|
|
|
[Arguments] ${artifact} ${sbom_path}=${files_directory}/sbom_test.json ${type}=spdx
|
|
|
|
|
Wait Unitl Command Success cosign attach sbom --allow-insecure-registry --registry-referrers-mode oci-1-1 --type ${type} --sbom ${sbom_path} ${artifact}
|
