c152953089
Generated a cosign keypair for v0.7 OCI signing. - bluebuild/cosign.pub committed alongside the recipe - cosign.key stored on operator workstation only (chmod 600) - COSIGN_PRIVATE_KEY Forgejo Actions secret set to the same key - Workflow stages the secret to bluebuild/cosign.key at build time (chmod 600), where the BlueBuild signing module picks it up - .gitignore guards against any cosign.key accidental commit - Restored the type:signing module in recipe.yml The 'stage-keys' COPY step in BlueBuild's generated containerfile fails without cosign.pub adjacent to recipe.yml even when type:signing is removed; re-add the module + provide real keys. |
||
|---|---|---|
| .. | ||
| workflows | ||
| CODEOWNERS | ||
| PULL_REQUEST_TEMPLATE.md | ||