digitally signing the pctl CLI for macOS

[niravparikh05]

Expected vs actual behavior

• digitally signing the pctl CLI for macOS, currently it shows an error saying it is not trust worthy.

Steps to reproduce the bug

1. Download pctl and true to execute any command like pctl get clusters after configuring it.

Are you using the latest version of the project?

You can check your version by running helm ls|grep '^<deployment-name>' or using pctl, pctl version, and provide the output.

• Yes

What is your environment setup? Please tell us your cloud provider, operating system, and include the output of kubectl version --output=yaml and helm version. Any other information that you have, eg. logs and custom values, is highly appreciated!

• Applicable to all

• I've described the bug, included steps to reproduce it, and included my environment setup with all customizations.

• I'm using the latest version of the project.

[niravparikh05]

[rustiever]

we can use this gon to sign and notorize the CLI. Also this blog can be handy. cc: @niravparikh05 @meain

[sandeep540]

Can we use cosign tool - https://docs.sigstore.dev/ , to sign the binary, vCluster project - https://github.com/loft-sh/vcluster , which has CLI uses the same method

[meain]

@sandeep540 I don't think using cosign will help with the macOS warning IIUC if that is what the end goal is.