
Commit 66465a7

Update verification config file
Update the example file to use the latest configuration format. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
1 parent 16d2184 commit 66465a7


1 file changed

+42
-15
lines changed


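--- a/verification.yml.example
+++ b/verification.yml.example
@@ -1,15 +1,42 @@
----
-verification_keys:
-key-name-irrelevant: |
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX0HFTtCfTtPmkx5p1RbtwDE1EVzu
-wjQs1cCRKb5Pz/yUspkQsN3FO4iyWodCy5j3o0CdIJD/1gvq98pf4IG9tA==
------END PUBLIC KEY-----
-another-key: |
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEX0HFTtCfTtPmkx5p1RbtwDE1EVzu
-wjQs1cCRKb5Pz/yUspkQsN3FO4iyWodCy5j3o0CdIJD/1gvq98pf4IG9tA==
------END PUBLIC KEY-----
-verification_annotations: # optional
-env: prod
-foo: bar
+apiVersion: v1
+
+allOf:
+- kind: githubAction
+owner: kubewarden # mandatory
+annotations:
+env: prod
+
+anyOf: # at least `anyOf.minimumMatches` are required to match
+minimumMatches: 2 # default is 1
+signatures:
+- kind: pubKey
+owner: flavio # optional
+key: .... # mandatory
+annotations: # optional
+env: prod
+foo: bar
+- kind: pubKey
+owner: victor # optional
+key: .... # mandatory
+- kind: genericIssuer
+issuer: https://github.com/login/oauth
+subject:
+equal: alice@example.com
+- kind: genericIssuer
+issuer: https://token.actions.githubusercontent.com
+subject:
+equal: https://github.com/flavio/policy-secure-pod-images/.github/workflows/release.yml@refs/heads/main
+- kind: genericIssuer
+issuer: https://token.actions.githubusercontent.com
+subject:
+urlPrefix: https://github.com/flavio/
+- kind: genericIssuer
+issuer: https://token.actions.githubusercontent.com
+subject:
+urlPrefix: https://github.com/kubewarden # <- it will be post-fixed with `/` for security reasons
+- kind: githubAction
+owner: flavio # mandatory
+repo: policy1 # optional
+- kind: pubKey
+owner: alice # optional
+key: .... # mandatory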
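Review bot: The comment on the last `urlPrefix` entry (new line 36) says the value is post-fixed with a slash "for security reasons" but does not say what that protects against, and the value is written differently from the entry just above it, which already ends in `/`. Without the trailing slash, a prefix match on `https://github.com/kubewarden` would also accept subjects under any other owner whose name merely starts with `kubewarden`. I would state that in the comment, for example `# a trailing slash is appended so the prefix cannot match other owners whose name starts with "kubewarden"`. A `urlPrefix` that stops at the owner, as on new lines 32 and 36, appears to accept any repository and workflow under that owner, which is much broader than the `equal:` entry on new line 28, so a one-line caveat there would help readers who copy the example. The removed example also showed a full PEM block under a `|` scalar, while the new `key: ....` placeholders give no hint about the expected value; if `key` still takes a PEM-encoded public key, a comment such as `# PEM-encoded public key (use a block scalar)` would keep that guidance.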
