From b87191ec496a93a2dce4d203af2c13d096f7fc94 Mon Sep 17 00:00:00 2001
From: Frederic Mereu
Date: Wed, 2 Oct 2024 15:24:39 +0200
Subject: [PATCH] feat: add signature
---
 .github/workflows/publish.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 2cfaf7a..939366b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -38,10 +38,20 @@ jobs:
 helm registry login registry-1.docker.io -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
 - name: Push Helm chart
+ id: push
 shell: bash
 run: |
 version="${{ steps.tag.outputs.tag }}"
 ersion="${version#v}"
 echo "version is ${version}, ersion is ${ersion}"
 helm package test-chart --dependency-update --version "${ersion}"
- helm push test-chart-*.tgz "oci://registry-1.docker.io/fad3t"
+ helm push test-chart-*.tgz "oci://registry-1.docker.io/fad3t" &> metadata.txt
+ digest=$(awk '/Digest: /{print $2}' metadata.txt)
+ echo "digest=${digest}" >> GITHUB_OUTPUT
+
+ - name: Install Cosign
+ uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+
+ - name: Sign Container Image
+ run: |
+ cosign sign -y registry-1.docker.io/fad3t/test-chart@${{ steps.push.outputs.digest }}
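Review bot: In the `Push Helm chart` step the added line `echo "digest=${digest}" >> GITHUB_OUTPUT` appends to a file literally named GITHUB_OUTPUT in the workspace rather than the runner's output file, so `steps.push.outputs.digest` stays empty and the signing step would run against `…/test-chart@` with no digest; it should read `echo "digest=${digest}" >> "$GITHUB_OUTPUT"`. Because the signature is only meaningful when bound to the exact artifact that was pushed, I would also fail the step when the parsed value is not a digest, e.g. `[[ "$digest" =~ ^sha256:[0-9a-f]{64}$ ]] || exit 1`, instead of trusting the awk match on helm's combined stdout/stderr. In the signing step, passing the value through `env:` and referencing `"${DIGEST}"` avoids expanding `${{ }}` inside the script text. Keyless `cosign sign -y` normally also needs `id-token: write` on the job, which is not visible in this hunk and is worth confirming.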