From 70f3d01e482c929b5a8570fb282659872e78637c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Du=C5=A1an=20Simi=C4=87?=
Date: Sun, 4 Feb 2024 22:18:25 +0100
Subject: [PATCH] feat: Sign base image
---
 .github/workflows/base.yml | 16 ++++++++--------
 cosign.pub | 4 ++++
 ghcr.io-dusansimic-toolbox-images.pub | 4 ----
 3 files changed, 12 insertions(+), 12 deletions(-)
 create mode 100644 cosign.pub
 delete mode 100644 ghcr.io-dusansimic-toolbox-images.pub
diff --git a/.github/workflows/base.yml b/.github/workflows/base.yml
index 4a22523..3fb6450 100644
--- a/.github/workflows/base.yml
+++ b/.github/workflows/base.yml
@@ -17,8 +17,8 @@ jobs:
 steps:
 - name: Checkout the repo
 uses: actions/checkout@v3
- # - name: Setup cosign
- # uses: sigstore/cosign-installer@v3.3.0
+ - name: Setup cosign
+ uses: sigstore/cosign-installer@v3.3.0
 - name: Login to container registry
 uses: redhat-actions/podman-login@v1
 with:
@@ -41,12 +41,12 @@ jobs:
 image: ${{ steps.build.outputs.image }}
 tags: ${{ steps.build.outputs.tags }}
 registry: ${{ env.REGISTRY }}
- # - name: Sign image
- # run: cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
- # env:
- # COSIGN_EXPERIMENTAL: false
- # COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
- # COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ - name: Sign image
+ run: cosign sign -y --recursive --key env://COSIGN_PRIVATE_KEY ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
+ env:
+ COSIGN_EXPERIMENTAL: false
+ COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
 node:
 needs: build
 uses: ./.github/workflows/node.yml
diff --git a/cosign.pub b/cosign.pub
new file mode 100644
index 0000000..ec9c799
--- /dev/null
+++ b/cosign.pub
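Review bot: `uses: sigstore/cosign-installer@v3.3.0` in the newly enabled `Setup cosign` step resolves through a tag that its publisher can move, and the binary it installs is the one that later runs with `COSIGN_PRIVATE_KEY` and `COSIGN_PASSWORD` in its environment. Pinning to the full commit hash with the tag kept as a comment, `uses: sigstore/cosign-installer@<full-commit-sha>  # v3.3.0`, fixes what runs in the signing job. The context lines `actions/checkout@v3` and `redhat-actions/podman-login@v1` have the same exposure and could be pinned in the same pass. The job's step list starts and ends outside this hunk.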
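Review bot: Nothing after the `Sign image` step checks that the pushed signature verifies against the `cosign.pub` added in this same commit, so a mismatch between the `COSIGN_PRIVATE_KEY` secret and the committed public key would first show up as a failed verification on the consumer side. A verify step placed right after signing, reading the image reference from `env:` rather than expanding `${{ … }}` inside the shell line, would fail the build instead; the sign step's `run:` could take its reference the same way. The workflow's `on:` triggers are outside the hunk, so it is not visible whether runs from forked pull requests can reach this job; if they can, both secrets are empty there and the step would need an `if:` guard.

```yaml
# … unchanged: Sign image step …
- name: Verify signature against the committed public key
  run: cosign verify --key cosign.pub "${IMAGE_REF}"
  env:
    IMAGE_REF: ${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}
```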
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEm86+C2XTX+/q8HFr6ddOwkxlUFPA
+Wv72sowaeqCHLrFdMLThkRIYg1GoGXJCvUc5SbuFIQloPzJhnSn0F1Y1RQ==
+-----END PUBLIC KEY-----
diff --git a/ghcr.io-dusansimic-toolbox-images.pub b/ghcr.io-dusansimic-toolbox-images.pub
deleted file mode 100644
index 8e7ab97..0000000
--- a/ghcr.io-dusansimic-toolbox-images.pub
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1+ne9UrvyIfC7r+23JQrDlJ5Krfc
-UOon3vAqp9BuIadkDYNQ/dziUtDHfBkIonas3knWWuSlKZ8VEaCOzsfnKA==
------END PUBLIC KEY-----
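Review bot: The key added in `cosign.pub` is not the one removed from `ghcr.io-dusansimic-toolbox-images.pub` (the base64 bodies differ), so this commit rotates the signing key and changes the file path, which the commit message `feat: Sign base image` does not mention. Anyone verifying with the old file or key would start failing without an explanation. A short note in the commit description or README would cover it, for example `Signing key rotated; verify with: cosign verify --key cosign.pub <image-ref>`, together with a statement on whether any images signed with the previous key are still considered valid.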