From 9eb0ca25e0264cd153a85fc86ff497030498a823 Mon Sep 17 00:00:00 2001
From: Gerald Pinder <4626052+gmpinder@users.noreply.github.com>
Date: Sat, 23 Mar 2024 17:05:58 -0400
Subject: [PATCH] Use cosign pri/pub key pairs

---
 .gitlab-ci.yml                      | 3 +++
 config/recipe-jp-desktop-gaming.yml | 1 +
 config/recipe-jp-laptop.yml         | 6 +++---
 cosign.pub                          | 4 ++++
 4 files changed, 11 insertions(+), 3 deletions(-)
 create mode 100644 cosign.pub

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 78ab8c5..35c27c5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,6 +33,9 @@ build-image:
   id_tokens:
     SIGSTORE_ID_TOKEN:
       aud: sigstore
+  before_script:
+    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
+    - export COSIGN_PRIVATE_KEY=$(cat .securefiles/cosign.key)
   script:
     - sleep 5
     - bluebuild build -v --push ./config/$RECIPE
diff --git a/config/recipe-jp-desktop-gaming.yml b/config/recipe-jp-desktop-gaming.yml
index a494491..dd55469 100644
--- a/config/recipe-jp-desktop-gaming.yml
+++ b/config/recipe-jp-desktop-gaming.yml
@@ -12,3 +12,4 @@ modules:
   - from-file: dev-packages.yml
   - type: r2modman
     version: 3.1.47
+  - type: signing
diff --git a/config/recipe-jp-laptop.yml b/config/recipe-jp-laptop.yml
index ae0b3db..5d08e85 100644
--- a/config/recipe-jp-laptop.yml
+++ b/config/recipe-jp-laptop.yml
@@ -9,6 +9,6 @@ modules:
     install:
       - fprintd
       - fprintd-pam
-  - type: script
-    scripts:
-      - setup-openrgb-udev.sh
+  - type: r2modman
+    version: 3.1.47
+  - type: signing
diff --git a/cosign.pub b/cosign.pub
new file mode 100644
index 0000000..9e0821f
--- /dev/null
+++ b/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEStKQuMYCH4of+sN/YBYgBn/UWPt+
+0QHHJUnl1M4MCARICf5E4QZ4IpmE/Fulg2yCWS9zhcv4FDAJ1EWoYLFedw==
+-----END PUBLIC KEY-----