From e7af1a8572c0ff3d54f6c1d45382ecf7761ceb74 Mon Sep 17 00:00:00 2001
From: Tulili
Date: Wed, 1 May 2024 13:18:59 -0300
Subject: [PATCH] ci: proper image caching + signing
---
 .github/workflows/build.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ffde513..5d85f49 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -117,7 +117,9 @@ jobs:
 push: false
 file: /tmp/Containerfile
 tags: ${{env.IMAGE_REGISTRY}}/${{ steps.recipe_meta.outputs.IMAGE_NAME }}:latest
- labels: ${{ steps.meta.outputs.labels }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
 - name: Sign kernel
 uses: atomic-studio-org/kernel-signer-docker@main
@@ -152,8 +154,9 @@ jobs:
 - name: Sign container image
 shell: bash
 run: |
- cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ steps.recipe_meta.outputs.IMAGE_NAME }}@${{ steps.build_image.outputs.digest }}
+ SIGN_IMAGE=$(docker inspect --format='{{index .RepoDigests 0}}' ${{env.IMAGE_REGISTRY}}/${{ steps.recipe_meta.outputs.IMAGE_NAME }}:latest)
 cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ env.IMAGE_REGISTRY }}/${{ steps.recipe_meta.outputs.IMAGE_NAME }}
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY $SIGN_IMAGE
 env:
 COSIGN_EXPERIMENTAL: false
 COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
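Review bot: With `cache-from: type=gha` in the first hunk, layers restored from the Actions cache become part of the image that is signed later in this job, so every run able to write the default cache scope for this ref is now inside the signing trust boundary. Give the release build its own scope and restrict who writes it, for example `cache-from: type=gha,scope=release` and `cache-to: type=gha,mode=max,scope=release` (scope name constructed here), with `cache-to` applied only on trusted refs. The step's `uses:` line and the workflow triggers are outside the hunk, so this assumes a buildx-based build action and that untrusted refs can reach this job.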
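Review bot: In the second hunk, `{{index .RepoDigests 0}}` takes whichever repo digest the local daemon lists first, which is not guaranteed to belong to the `IMAGE_REGISTRY`/`IMAGE_NAME` repository, and `$SIGN_IMAGE` then reaches cosign unquoted and unchecked. Verify the reference before signing, e.g. `[[ "$SIGN_IMAGE" == *@sha256:* ]] || { echo "no repo digest for image" >&2; exit 1; }` followed by `cosign sign -y --key env://COSIGN_PRIVATE_KEY "$SIGN_IMAGE"`; better still, compare its repository part with the expected name, or take the digest from the push step, which is outside this hunk. The retained context line signs the bare name with no digest, so cosign resolves the default tag at signing time and may sign something other than what this job built; with a digest signature in place that line looks removable. The `${{ … }}` expressions are also expanded into the script text, so passing them through `env:` and referencing shell variables keeps a crafted image name from being parsed as shell.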