Jenkins setup:
Host: Ubuntu 22.04
Jenkins Version: 2.440.1
Hi Guys!
I load my cosing.key in Jenkins like a file. When a run my pipeline:
pipeline {
agent any
environment {
DOCKER_VERSION = "v1.0" // Puedes cambiar esto por la versión que desees
DOCKER_REGISTRY = "safernandez666"
COSIGN_PUBLIC_KEY = credentials('cosign-public-key')
COSIGN_PRIVATE_KEY = credentials('cosign-private-key')
}
stages {
stage('cleanup') {
steps {
sh 'docker system prune -a --volumes --force'
}
}
stage('docker build') {
steps {
script {
sh "docker build -t ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION} -t ${DOCKER_REGISTRY}/webserver:latest -f Dockerfile ."
}
}
}
stage('docker push') {
steps {
script {
sh "docker push ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION}"
}
}
}
stage('sign the container image') {
steps { // Credenciales cargadas en GitHub
withCredentials([file(credentialsId: 'cosign-private-key', variable: 'COSIGN_PRIVATE_KEY_FILE')]) {
sh 'cosign version'
sh "cosign sign --key ${COSIGN_PRIVATE_KEY_FILE} ${DOCKER_REGISTRY}/webserver:${DOCKER_VERSION}"
}
}
}
}
}
I have this error.
[Pipeline] sh
- cosign version
______ ______ . __ _______ . .
/ | / __ \ / || | / || \ | |
| ,----‘| | | | | (----| | | | __ | \| | | | | | | | \ \ | | | | |_ | | .
|
|----.|
–’ | .----) | | | | || | | |\ |
_| ______/ |_/ || __| || _|
cosign: A tool for Container Signing, Verification and Storage in an OCI registry.GitVersion: v2.0.0
GitCommit: d6b9001f8e6ed745fb845849d623274c897d55f2
GitTreeState: clean
BuildDate: 2023-02-23T19:26:35Z
GoVersion: go1.20.1
Compiler: gc
Platform: linux/amd64[Pipeline] sh
Warning: A secret was passed to “sh” using Groovy String interpolation, which is insecure.
Affected argument(s) used the following variable(s): [COSIGN_PRIVATE_KEY_FILE]
See https://jenkins.io/redirect/groovy-string-interpolation for details.
- cosign sign --key **** safernandez666/webserver:v1.0
Enter password for private key: Error: signing [safernandez666/webserver:v1.0]: getting signer: reading key: inappropriate ioctl for device
main.go:74: error during command execution: signing [safernandez666/webserver:v1.0]: getting signer: reading key: inappropriate ioctl for device
I am lost…Can you give me some light?
Thanks!