diff --git a/.env b/.env
index 28360f2d8..599249271 100644
--- a/.env
+++ b/.env
@@ -8,4 +8,4 @@ EKSCTL_VERSION=v0.215.0
 EKS_CLUSTER_K8_VERSION=1.34
 EKS_INSTANCE_TYPE=m5.2xlarge
 EKS_INSTANCE_TYPE_ARM64=c6g.4xlarge
-SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:10.0.0
\ No newline at end of file
+SPLUNK_ENTERPRISE_RELEASE_IMAGE=splunk/splunk:10.2.0
\ No newline at end of file
diff --git a/.github/workflows/automated-release-workflow.yml b/.github/workflows/automated-release-workflow.yml
index 3c9bd63d1..5896b1ede 100644
--- a/.github/workflows/automated-release-workflow.yml
+++ b/.github/workflows/automated-release-workflow.yml
@@ -22,6 +22,7 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 contents: write
+ id-token: write
 pull-requests: write
 if: github.ref == 'refs/heads/main'
 env:
@@ -111,16 +112,18 @@ jobs:
 - name: Sign Splunk Operator image with a key
 run: |
- cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}
+ cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}
 env:
 COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ COSIGN_DOCKER_MEDIA_TYPES: "1"
 - name: Verify Splunk Operator image with a key
 run: |
 cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}
 env:
 COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+ COSIGN_DOCKER_MEDIA_TYPES: "1"
 - name: Promote Distroless RC Image to Release
 run: |
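Review bot: The `id-token: write` permission added to the job's `permissions:` block in the `@@ -22,6 +22,7 @@` hunk has no visible consumer in this diff: every `cosign sign` call shown is key-based (`--key env://COSIGN_PRIVATE_KEY`), which does not need a GitHub OIDC token. With this permission any step in the job, third-party actions included, can request an OIDC token for the repository's identity, so it should be granted only if a step actually uses it. If one does, name it next to the line, e.g. `id-token: write  # OIDC token for <step that consumes it>`; otherwise drop the line. The job body continues outside the hunk, so the consumer may simply not be visible here.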
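Review bot: The `cosign sign` line in the `Sign Splunk Operator image with a key` step expands `${{ github.event.inputs.operator_image_tag }}` directly into the shell script, in the same step whose environment holds `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD`. The expression is substituted before the shell parses the script, so a tag value containing shell metacharacters would be executed as commands with the signing key in reach. Pass the input through the environment and quote it: add `OPERATOR_IMAGE_TAG: ${{ github.event.inputs.operator_image_tag }}` under `env:` and call `cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY "splunk/splunk-operator:${OPERATOR_IMAGE_TAG}"`. The same applies to the verify step in this hunk and to both distroless steps in the `@@ -128,14 +131,16 @@` hunk.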
@@ -128,14 +131,16 @@ jobs:
 - name: Sign Distroless Splunk Operator image with a key
 run: |
- cosign sign --yes --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless
+ cosign sign --yes --recursive --key env://COSIGN_PRIVATE_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless
 env:
 COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ COSIGN_DOCKER_MEDIA_TYPES: "1"
 - name: Verify Distroless Splunk Operator image with a key
 run: |
 cosign verify --key env://COSIGN_PUBLIC_KEY splunk/splunk-operator:${{ github.event.inputs.operator_image_tag }}-distroless
 env:
 COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
+ COSIGN_DOCKER_MEDIA_TYPES: "1"
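Review bot: Both distroless steps address the image by tag, so `cosign sign --recursive` signs whatever `...-distroless` resolves to when the step runs and `cosign verify` resolves the tag again afterwards; nothing ties either call to the image that was promoted. Capture the digest at promotion time and pass the same reference to both commands, e.g. `splunk/splunk-operator@sha256:<digest-from-promote-step>`. The verify step also appears to check only the top-level reference, so if the image is a multi-arch index the per-platform signatures that `--recursive` adds are not exercised by this workflow. The non-distroless sign and verify steps in the `@@ -111,16 +112,18 @@` hunk have the same shape.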