From 6310716a54a028585af96294c77103fa5bc6bed2 Mon Sep 17 00:00:00 2001
From: PolyCat
Date: Wed, 11 Dec 2024 14:04:47 +0200
Subject: [PATCH] readded container signing step
---
 .github/workflows/build.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 25fd60c..faea5e5 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -119,3 +119,17 @@ jobs:
 image: ${{ steps.build_image.outputs.image }}
 tags: ${{ steps.build_image.outputs.tags }}
 registry: ${{ steps.registry_case.outputs.lowercase }}
+
+
+ # Sign container
+ - uses: sigstore/cosign-installer@v3.7.0
+ if: github.event_name != 'pull_request'
+
+ - name: Sign container image
+ if: github.event_name != 'pull_request'
+ run: |
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
+ env:
+ TAGS: ${{ steps.push.outputs.digest }}
+ COSIGN_EXPERIMENTAL: false
+ COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
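Review bot: In the `Sign container image` step, the `run:` line splices `${{ steps.registry_case.outputs.lowercase }}` and `${{ steps.build_image.outputs.image }}` straight into the script, so their text is parsed as shell in the same step that holds `COSIGN_PRIVATE_KEY`. Pass them through `env:` as the digest already is, and quote the reference: `cosign sign -y --key env://COSIGN_PRIVATE_KEY "${REGISTRY}/${IMAGE}@${TAGS}"` with `REGISTRY: ${{ steps.registry_case.outputs.lowercase }}` and `IMAGE: ${{ steps.build_image.outputs.image }}` added under `env:`. `sigstore/cosign-installer@v3.7.0` is a tag reference and tags can be moved, so pinning to that release's full commit SHA (`sigstore/cosign-installer@<full-commit-sha>  # v3.7.0`) keeps the code that installs the signing binary fixed. The variable `TAGS` actually carries `steps.push.outputs.digest`, so a name such as `DIGEST` would read more accurately. The job header and the `push`, `build_image` and `registry_case` steps are outside this hunk, so how those outputs are produced and which permissions the job runs with could not be checked here.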