From 797f827acdd34be14d53b8f4fe8753b28823e04e Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Thu, 1 Apr 2021 22:10:06 -0400 Subject: [PATCH] update README --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 031e0c4..bbbb482 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ # Demo: Using [`cosign`](https://github.com/sigstore/cosign) natively in [Shipwright](https://shipwright.io) -### Install Shipwright and dependencies - 1. Install dependencies: - latest Tekton release - forked Shipwright with signing support, built from [this fork](https://github.com/imjasonh/build-1/tree/sign). @@ -59,8 +57,8 @@ sign: name: passphrase ``` -This tells Shipwright to use the `cosign.key` found in the repo to sign the built image. -That key is encrypted, and the Secret named `passphrase` includes the passphrase to decrypt it. +This tells Shipwright to use the [`cosign.key` in this repo](./cosign.key) to sign the built image. +The key is encrypted, and the Secret named `passphrase` specifies the passphrase to decrypt it. --- @@ -70,7 +68,7 @@ That key is encrypted, and the Secret named `passphrase` includes the passphrase kubectl create -f https://raw.githubusercontent.com/ImJasonH/shipwright-cosign-example/main/buildrun.yaml ``` -5. Finally, verify the image is signed: +5. Finally, verify the image is signed, using [the public key](./cosign.pub): ``` $ cosign verify -key cosign.pub imjasonh/signed # <-- your image here