Update github workflow cosigned key file name

Signed-off-by: Denny Hoang <dhoang@vmware.com>
sigstore · Apr 14, 2022 · 65d52cc · 65d52cc
1 parent 45ff16e
commit 65d52cc
Showing 1 changed file with 14 additions and 14 deletions.
diff --git a/.github/workflows/kind-cluster-image-policy.yaml b/.github/workflows/kind-cluster-image-policy.yaml
@@ -197,15 +197,15 @@ jobs:
         kubectl delete cip image-policy-keyless-with-identities-mismatch
         sleep 5
 
-    - name: Generate New Signing Key
+    - name: Generate New Signing Key For Colocated Signature
       run: |
         COSIGN_PASSWORD="" ./cosign generate-key-pair
-        mv cosign.key cosign-key.key
-        mv cosign.pub cosign-key.pub
+        mv cosign.key cosign-colocated-signing.key
+        mv cosign.pub cosign-colocated-signing.pub
 
     - name: Deploy ClusterImagePolicy With Key Signing
       run: |
-        yq '. | .spec.authorities[0].key.data |= load_str("cosign-key.pub")' ./test/testdata/cosigned/e2e/cip-key.yaml | \
+        yq '. | .spec.authorities[0].key.data |= load_str("cosign-colocated-signing.pub")' ./test/testdata/cosigned/e2e/cip-key.yaml | \
           kubectl apply -f -
 
     - name: Verify with two CIP, one not signed with public key
@@ -217,16 +217,16 @@ jobs:
 
     - name: Sign demoimage with cosign key
       run: |
-        ./cosign sign --key cosign-key.key --force --allow-insecure-registry ${{ env.demoimage }}
+        ./cosign sign --key cosign-colocated-signing.key --force --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Verify with cosign
       run: |
-        ./cosign verify --key cosign-key.pub --allow-insecure-registry ${{ env.demoimage }}
+        ./cosign verify --key cosign-colocated-signing.pub --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Deploy jobs and verify signed works, unsigned fails
       run: |
         kubectl create namespace demo-key-signing
-        kubectl label namespace demo-key-signing cosigned.sigstore.dev/include=true
+      kubectl label namespace demo-key-signing cosigned.sigstore.dev/include=true
 
         echo '::group:: test job success'
         # We signed this above, this should work
@@ -251,27 +251,27 @@ jobs:
     - name: Generate New Signing Key For Remote Signature
       run: |
         COSIGN_PASSWORD="" ./cosign generate-key-pair
-        mv cosign.key cosign-remote.key
-        mv cosign.pub cosign-remote.pub
+        mv cosign.key cosign-remote-signing.key
+        mv cosign.pub cosign-remote-signing.pub
 
     - name: Deploy ClusterImagePolicy With Remote Public Key But Missing Source
       run: |
         yq '. | .metadata.name = "image-policy-remote-source"
-            | .spec.authorities[0].key.data |= load_str("cosign-remote.pub")' ./test/testdata/cosigned/e2e/cip-key.yaml | \
+            | .spec.authorities[0].key.data |= load_str("cosign-remote-signing.pub")' ./test/testdata/cosigned/e2e/cip-key.yaml | \
           kubectl apply -f -
 
     - name: Sign demoimage with cosign key
       run: |
-        COSIGN_REPOSITORY="${{ env.KO_DOCKER_REPO }}/remote-signature" ./cosign sign --key cosign-remote.key --force --allow-insecure-registry ${{ env.demoimage }}
+        COSIGN_REPOSITORY="${{ env.KO_DOCKER_REPO }}/remote-signature" ./cosign sign --key cosign-remote-signing.key --force --allow-insecure-registry ${{ env.demoimage }}
 
     - name: Verify with cosign
       run: |
-        if ./cosign verify --key cosign-remote.pub --allow-insecure-registry ${{ env.demoimage }}; then
+        if ./cosign verify --key cosign-remote-signing.pub --allow-insecure-registry ${{ env.demoimage }}; then
           echo "Signature should not have been verified unless COSIGN_REPOSITORY was defined"
           exit 1
         fi
 
-        if ! COSIGN_REPOSITORY="${{ env.KO_DOCKER_REPO }}/remote-signature" ./cosign verify --key cosign-remote.pub --allow-insecure-registry ${{ env.demoimage }}; then
+        if ! COSIGN_REPOSITORY="${{ env.KO_DOCKER_REPO }}/remote-signature" ./cosign verify --key cosign-remote-signing.pub --allow-insecure-registry ${{ env.demoimage }}; then
           echo "Signature should have been verified when COSIGN_REPOSITORY was defined"
           exit 1
         fi
@@ -289,7 +289,7 @@ jobs:
     - name: Deploy ClusterImagePolicy With Remote Public Key With Source
       run: |
         yq '. | .metadata.name = "image-policy-remote-source"
-            | .spec.authorities[0].key.data |= load_str("cosign-remote.pub")
+            | .spec.authorities[0].key.data |= load_str("cosign-remote-signing.pub")
             | .spec.authorities[0] += {"source": [{"oci": "${{ env.KO_DOCKER_REPO }}/remote-signature"}]}' ./test/testdata/cosigned/e2e/cip-key.yaml | tee image-policy-remote-source.yaml
         kubectl apply -f image-policy-remote-source.yaml