David J. M. Karlsen

cosign is used to sign and validate images, pushing their signatures to the registries hosing the images. This help secure the supply chain. The plugin could have a sign step...

I think it should be a separate goal, design to run after push man. 23. aug. 2021 kl. 15:33 skrev Rohan Kumar ***@***.***>: > Do you propose integrating this sign...

Update, it actually works out of the box if I add both these dependencies: ``` com.amazonaws aws-java-sdk-core 1.12.74 com.amazonaws aws-java-sdk-sts 1.12.74 ``` and define the env-vars AWS_ROLE_ARN / AWS_WEB_IDENTITY_TOKEN_FILE /...

@rohanKanojia It would maybe be worthwhile mentioning this use-case too. The feature of using github-actions to provide an OIDC token is fairly new though, and not officially released, but that's...

Until we do a release you can use main as the version in order to test it.

Sorry I cannot share it in public. Maybe I can send it to you in a private email?

@hairmare I'd say that makes sense. Just skip them and print a warning.

It's probably due to ``` synchronized (listAppender) { listAppender.wait(100); //this depends on how fast the computer running the test is... } ```

@markpollack Do you want it in a separate maven module, or should we add it to the existing one?

@markpollack ping?