Generated a cosign keypair for v0.7 OCI signing.

- bluebuild/cosign.pub committed alongside the recipe
- cosign.key stored on operator workstation only (chmod 600)
- COSIGN_PRIVATE_KEY Forgejo Actions secret set to the same key
- Workflow stages the secret to bluebuild/cosign.key at build time (chmod 600), where the BlueBuild signing module picks it up
- .gitignore guards against any cosign.key accidental commit
- Restored the type:signing module in recipe.yml

The 'stage-keys' COPY step in BlueBuild's generated containerfile fails without cosign.pub adjacent to recipe.yml even when type:signing is removed; re-add the module + provide real keys.

19 lines
231 B
Text
build/out/
build/cache/
*.iso
*.img
*.log
*.pp
*.mod
.DS_Store
.idea/
.vscode/
secrets/
*.key
*.pem
test/veilor-vm.qcow2
test/veilor-vm.nvram*
test/auto-install-vm.qcow2
test/auto-install-vm.nvram*
.claude/worktrees/
**/cosign.key