stop using chainguard images

nais · Aug 14, 2023 · 78a0df5 · 78a0df5
1 parent 46e5402
commit 78a0df5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -41,16 +41,16 @@ jobs:
       packages: "write"
     runs-on: ubuntu-latest
     env:
-      RUNNER_IMG: "cgr.dev/chainguard/static"
-      BASEIMG_IDENTITY: "https://github.com/chainguard-images/images/.github/workflows/release.yaml@refs/heads/main"
-      BASEIMG_ISSUER: "https://token.actions.githubusercontent.com"
+      RUNNER_IMG: "gcr.io/distroless/static-debian11:nonroot"
+      BASEIMG_IDENTITY: "keyless@distroless.iam.gserviceaccount.com"
+      BASEIMG_ISSUER: "https://accounts.google.com"
     steps:
       - name: Checkout
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # ratchet:actions/checkout@v3
       - name: Install cosign
         uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # ratchet:sigstore/cosign-installer@main
         with:
-          cosign-release: 'v2.0.0'
+          cosign-release: 'v2.1.1'
       - name: Verify runner image
         run: cosign verify --certificate-identity ${{ env.BASEIMG_IDENTITY }} --certificate-oidc-issuer ${{ env.BASEIMG_ISSUER }} ${{ env.RUNNER_IMG }}
       - uses: nais/platform-build-push-sign@fb7da39ee56c8904ed15c02705a1780cb278a65b # ratchet:nais/platform-build-push-sign@main

diff --git a/Dockerfile b/Dockerfile
@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -installsuf
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM cgr.dev/chainguard/static
+FROM gcr.io/distroless/static-debian11:nonroot
 WORKDIR /
 COPY --from=builder /workspace/jwker /jwker