
doc: refine README #42

Merged
merged 11 commits into from
Sep 20, 2023
45 changes: 35 additions & 10 deletions README.md
Expand Up @@ -12,7 +12,9 @@ The following three actions are available:

## Usage

### Notation Setup
Signing an image relies on a Notation plugin, such as [AWS Signer plugin for Notation](https://docs.aws.amazon.com/signer/latest/developerguide/Welcome.html), [Azure Key Vault for Notation](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-sign-build-push), [HashiCorp Vault plugin](https://github.com/notaryproject/notation-hashicorp-vault/pulls). Currently, [Azure Key Vault for Notation](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tutorial-sign-build-push) has been well tested in the Notation Github Actions by the sub-project maintainers. You can submit test cases and examples for other plugins.

### Notation: Setup
```yaml
- name: setup Notation CLI
uses: notaryproject/notation-action/setup@main
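Review bot: The HashiCorp Vault plugin link in the new introductory paragraph points at the repository's pull-request tab (`https://github.com/notaryproject/notation-hashicorp-vault/pulls`) rather than the repository itself; drop the `/pulls` suffix. In the same paragraph, "Github Actions" should be "GitHub Actions", and the Azure Key Vault link appears twice with the same URL, so the second occurrence can be plain text.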
Expand All @@ -21,15 +23,21 @@ The following three actions are available:
url: <url_of_customized_Notation_CLI>
checksum: <SHA256_of_the_customized_Notation_CLI>
```
For example,

<details>

<summary>See an example (Click here).</summary>

```yaml
- name: setup Notation CLI
uses: notaryproject/notation-action/setup@main
with:
version: "1.0.0"
```

### Notation Sign
</details>

### Notation: Sign
```yaml
- name: sign releasd artifact with signing plugin
uses: notaryproject/notation-action/sign@main
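Review bot: The collapsed setup example still references the action as `notaryproject/notation-action/setup@main`, a mutable branch, while pinning the CLI itself with `version: "1.0.0"`. Readers copy this block verbatim, so consider showing a release tag or a full commit SHA after the `@` to make the documented usage reproducible. A second example that uses `url` together with `checksum` would also help, since the template lists both inputs and the only worked example covers `version`.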
Expand All @@ -43,7 +51,11 @@ For example,
plugin_config: <list_of_plugin_defined_configs>
allow_referrers_api: <boolean_flag_for_referrers_api>
```
For example,

<details>

<summary>See an example (Click here).</summary>

```yaml
- name: sign releasd artifact with notation-azure-kv plugin
uses: notaryproject/notation-action/sign@main
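Review bot: The step name on the context line reads `sign releasd artifact with notation-azure-kv plugin`; "releasd" should be "released". Since this PR is a README cleanup, fix the spelling here and in the other sign step names that carry the same typo.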
Expand All @@ -58,7 +70,9 @@ For example,
ca_certs=.github/cert-bundle/cert-bundle.crt
self_signed=false
```
Example of using the [Referrers API](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc.3/spec.md#listing-referrers),

Example of using the [Referrers API](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc.3/spec.md#listing-referrers) in signing:

```yaml
- name: sign releasd artifact with notation-azure-kv plugin
uses: notaryproject/notation-action/sign@main
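Review bot: The new lead-in "Example of using the Referrers API in signing:" names the feature, but the visible README text never says what `allow_referrers_api` changes or what its default is. Add one sentence before the example describing the flag's effect and what a user should expect when the registry does not implement the Referrers API. The link also pins the distribution spec at `v1.1.0-rc.3`, a release candidate; check whether that is still the revision readers should land on.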
Expand All @@ -77,7 +91,9 @@ Example of using the [Referrers API](https://github.com/opencontainers/distribut
self_signed=false
```

### Notation Verify
</details>

### Notation: Verify
```yaml
- name: verify released artifact
uses: notaryproject/notation-action/verify@main
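Review bot: The `</details>` added before `### Notation: Verify` closes the block opened above the first sign example, so the Referrers API signing example ends up hidden under the same generic summary, "See an example (Click here)." Either give the Referrers API example its own `<details>` with a summary that names it, or reword the summary so a reader scanning the collapsed page knows both examples are inside.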
Expand All @@ -87,7 +103,13 @@ Example of using the [Referrers API](https://github.com/opencontainers/distribut
trust_store: <dir_to_user_trust_store>
allow_referrers_api: <boolean_flag_for_referrers_api>
```
For example,

<details>

<summary>See an example (Click here).</summary>

`.github/trustpolicy/trustpolicy.json` MUST follow the Notation [trust policy specs](https://github.com/notaryproject/specifications/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-policy).

```yaml
- name: verify released artifact
uses: notaryproject/notation-action/verify@main
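Review bot: The sentence stating that `.github/trustpolicy/trustpolicy.json` MUST follow the trust policy spec now sits inside the collapsed `<details>` block, so a normative requirement is hidden unless the reader expands the example. Move it above `<details>`, next to the inputs template, and keep only the illustrative YAML collapsed. The spec link also targets `v1.0.0-rc.2` while the setup example installs Notation `1.0.0`; confirm the link points at the spec revision that matches that release.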
Expand All @@ -96,7 +118,6 @@ For example,
trust_policy: .github/trustpolicy/trustpolicy.json
trust_store: .github/truststore
```
`.github/trustpolicy/trustpolicy.json` MUST follow the Notation [trust policy specs](https://github.com/notaryproject/specifications/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-policy).

`.github/truststore` MUST follow the Notation [trust store specs](https://github.com/notaryproject/specifications/blob/v1.0.0-rc.2/specs/trust-store-trust-policy.md#trust-store). For example,
```
Expand All @@ -111,7 +132,9 @@ For example,
├── <my_certificate3>
└── <my_certificate4>
```
Example of using the [Referrers API](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc.3/spec.md#listing-referrers),

Example of using the [Referrers API](https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc.3/spec.md#listing-referrers) in verification:

```yaml
- name: verify released artifact
uses: notaryproject/notation-action/verify@main
Expand All @@ -122,4 +145,6 @@ Example of using the [Referrers API](https://github.com/opencontainers/distribut
target_artifact_reference: myRegistry.azurecr.io/myRepo@sha256:aaabbb
trust_policy: .github/trustpolicy/trustpolicy.json
trust_store: .github/truststore
```
```

</details>
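Review bot: The verification example references the artifact by digest (`myRegistry.azurecr.io/myRepo@sha256:aaabbb`), but nothing in the visible text around `target_artifact_reference` says a digest is the recommended form. Add a sentence recommending a digest reference so readers do not substitute a mutable tag when adapting the example. The placeholder `sha256:aaabbb` could also be written as `sha256:<digest>` to make clear it is not a real value.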