From c7da520fa52d6a402bc32e8adad8a3da82a730ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20Goinvic?=
Date: Wed, 3 Jan 2024 10:30:16 +0100
Subject: [PATCH] gaelg/add-cosign-signature
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Gaƫl Goinvic
---
 .github/workflows/docker.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 679b76440e..fc45530793 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -29,6 +29,9 @@ jobs:
 - name: Inspect builder
 run: docker buildx inspect
 
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@v3.3.0
+
 - name: Checkout repository
 uses: actions/checkout@v4
 
@@ -82,3 +85,14 @@ jobs:
 # https://github.com/rust-lang/cargo/issues/10583
 build-args: |
 CARGO_NET_GIT_FETCH_WITH_CLI=true
+
+ - name: Sign the images with GitHub OIDC Token
+ env:
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ TAGS: ${{ steps.set-tag.outputs.tags }}
+ run: |
+ images=""
+ for tag in ${TAGS}; do
+ images+="${tag}@${DIGEST} "
+ done
+ cosign sign --yes ${images}
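Review bot: The new `Install Cosign` step references `sigstore/cosign-installer@v3.3.0` by tag, and a tag can be moved to different code after this commit is reviewed. Because this action installs the binary that later produces the image signatures, it is worth pinning to the full commit SHA and keeping the version as a trailing comment, e.g. `uses: sigstore/cosign-installer@<full-commit-sha>  # v3.3.0`. Setting the installer's `cosign-release` input would also make the installed cosign version explicit instead of relying on the action's default.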
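Review bot: The `Sign the images with GitHub OIDC Token` step has no guard for runs in which nothing was pushed. With an empty `DIGEST` the loop builds references of the form `tag@`, and `cosign sign` fails the job. If the build step skips the push on pull requests (not visible in this hunk), add a step condition such as `if: github.event_name != 'pull_request'`, or check `[ -n "${DIGEST}" ]` before the loop. Keyless signing also needs `permissions: id-token: write` on the job, plus write access to the registry for the signature; the job header is outside the hunk, so confirm both are present. A comment above the loop should say that `${TAGS}` and `${images}` are left unquoted on purpose for word splitting, so the `set-tag` output must be whitespace- or newline-separated, not comma-separated.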