Use cosign pri/pub key pairs

.gitlab-ci.yml

@@ -33,6 +33,9 @@ build-image:
   id_tokens:
     SIGSTORE_ID_TOKEN:
       aud: sigstore
+  before_script:
+    - curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash
+    - export COSIGN_PRIVATE_KEY=$(cat .securefiles/cosign.key)
   script:
     - sleep 5
     - bluebuild build -v --push ./config/$RECIPE

config/recipe-jp-desktop-gaming.yml

@@ -12,3 +12,4 @@ modules:
   - from-file: dev-packages.yml
   - type: r2modman
     version: 3.1.47
+  - type: signing

config/recipe-jp-laptop.yml

@@ -9,6 +9,6 @@ modules:
     install:
       - fprintd
       - fprintd-pam
-  - type: script
-    scripts:
-      - setup-openrgb-udev.sh
+  - type: r2modman
+    version: 3.1.47
+  - type: signing

cosign.pub

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEStKQuMYCH4of+sN/YBYgBn/UWPt+
+0QHHJUnl1M4MCARICf5E4QZ4IpmE/Fulg2yCWS9zhcv4FDAJ1EWoYLFedw==
+-----END PUBLIC KEY-----