Use cosign pri/pub key pairs

2024-03-23 17:05:58 -04:00
parent 2c1dba06f3
commit 9eb0ca25e0
4 changed files with 11 additions and 3 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,6 +33,9 @@ build-image:
  id_tokens:
    SIGSTORE_ID_TOKEN:
      aud: sigstore
+  before_script:
+    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
+    - export COSIGN_PRIVATE_KEY=$(cat .securefiles/cosign.key)
  script:
    - sleep 5
    - bluebuild build -v --push ./config/$RECIPE