mark keyless pem files with b64

[developer-guy]

Signed-off-by: Batuhan Apaydın batuhan.apaydin@trendyol.com

Summary

This PR will help people understand that pem files are base encoded.

Fixes #2666

PTAL @znewman01 @ctron

Release Note

Documentation

[codecov-commenter]

Codecov Report

Merging #2671 (d34c750) into main (d6b9001) will increase coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #2671      +/-   ##
==========================================
+ Coverage   29.55%   29.56%   +0.01%     
==========================================
  Files         151      151              
  Lines        9648     9642       -6     
==========================================
  Hits         2851     2851              
+ Misses       6358     6352       -6     
  Partials      439      439              

Impacted Files	Coverage Δ
cmd/cosign/cli/manifest.go	0.00% <0.00%> (ø)
cmd/cosign/cli/dockerfile.go	0.00% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[znewman01]

LGTM but please wait for @cpanato review in case this might break somebody depending on these signatures

[developer-guy]

LGTM but please wait for @cpanato review in case this might break somebody depending on these signatures

Yes absolutely 💯

[cpanato]

What are the benefits of doing this?
We might break users' workflows on this, and if we want to do this, we need to communicate before.
Or just maybe add some documentation in the readme section about might be enough

[developer-guy]

if you all agree on the change I can update the README about that for sure @cpanato.

[haydentherapper]

+1 on just documentation and not updating goreleaser, otherwise we risk breaking users' verification flows

[znewman01]

Could we move the files and make a symlink, along with documentation?

The current filenames are wrong, and I'd like to move in the right direction here.

Further, the next release will be a major version bump, so maybe now is the time to break things?

[developer-guy]

Could we move the files and make a symlink?

Can you explain a bit about what needs to be done? I'm not sure that we could make it happen creating symlink in GoReleaser for these files 🤔

The current filenames are wrong, and I'd like to move in the right direction here.

Yep, I agree with you.

Further, the next release will be a major version bump, so maybe now is the time to break things?

That makes a lot of sense 🙈

[znewman01]

Can you explain a bit about what needs to be done? I'm not sure that we could make it happen creating symlink in GoReleaser for these files 🤔

Hmm, looking into it it's actually a bit complicated.

So maybe we:

1. Leave this as-is.
2. Add a note to the docs (are there existing docs about how to verify releases?)
3. When we add support for bundles, we can change the release output.

[developer-guy]

Can you explain a bit about what needs to be done? I'm not sure that we could make it happen creating symlink in GoReleaser for these files 🤔

Hmm, looking into it it's actually a bit complicated.

So maybe we:

1. Leave this as-is.
2. Add a note to the docs (are there existing docs about how to verify releases?)
3. When we add support for bundles, we can change the release output.

cool! I'm going to update this PR accordingly ASAP

[developer-guy]

I've updated the changes accordingly and added documentation about PEM files.

PTAL @znewman01 @cpanato

[developer-guy]

any updates on this? kindly ping @znewman01