From 974adf0aa88084c1be440593fcae10e1d60db0d4 Mon Sep 17 00:00:00 2001
From: Florian RICHER
Date: Fri, 11 Oct 2024 21:53:14 +0200
Subject: [PATCH] Add cosign + rename all github by gitea
---
 .gitea/workflows/build.yml | 74 +++++++++++++++++++-------------------
 cosign.pub | 4 +++
 2 files changed, 41 insertions(+), 37 deletions(-)
 create mode 100644 cosign.pub
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 9235ccc..9af7b2a 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -14,9 +14,9 @@ on:
 workflow_dispatch:
 env:
- MY_IMAGE_NAME: "${{ github.event.repository.name }}" # the name of the image produced by this build, matches repo names
+ MY_IMAGE_NAME: "${{ gitea.event.repository.name }}" # the name of the image produced by this build, matches repo names
 MY_IMAGE_DESC: "My Customized Universal Blue Image"
- IMAGE_REGISTRY: "gitea.mrdev023.fr/${{ github.repository_owner }}" # do not edit
+ IMAGE_REGISTRY: "gitea.mrdev023.fr/${{ gitea.repository_owner }}" # do not edit
 jobs:
 build_push:
@@ -45,8 +45,8 @@ jobs:
 BUILD_TAGS=()
 # Have tags for tracking builds during pull request
- SHA_SHORT="${GITHUB_SHA::7}"
- COMMIT_TAGS+=("pr-${{ github.event.number }}")
+ SHA_SHORT="${GITEA_SHA::7}"
+ COMMIT_TAGS+=("pr-${{ gitea.event.number }}")
 COMMIT_TAGS+=("${SHA_SHORT}")
 # Append matching timestamp tags to keep a version history
@@ -57,7 +57,7 @@ jobs:
 BUILD_TAGS+=("${TIMESTAMP}")
 BUILD_TAGS+=("latest")
- if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+ if [[ "${{ gitea.event_name }}" == "pull_request" ]]; then
 echo "Generated the following commit tags: "
 for TAG in "${COMMIT_TAGS[@]}"; do
 echo "${TAG}"
@@ -73,7 +73,7 @@ jobs:
 echo "${TAG}"
 done
- echo "alias_tags=${alias_tags[*]}" >> $GITHUB_OUTPUT
+ echo "alias_tags=${alias_tags[*]}" >> $GITEA_OUTPUT
 # Build metadata
 - name: Image Metadata
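Review bot: `SHA_SHORT="${GITEA_SHA::7}"` in the `@@ -45` hunk and `>> $GITEA_OUTPUT` in the `@@ -73` hunk depend on the runner exporting GITEA_-prefixed environment variables; the `${{ gitea.* }}` expression context is a documented alias, but I cannot confirm from this patch that `GITEA_SHA` and `GITEA_OUTPUT` are set next to the GITHUB_ ones. If they are not, `SHA_SHORT` is empty, an empty entry is appended to `COMMIT_TAGS`, and the unquoted redirect fails with an ambiguous-redirect error rather than writing the `alias_tags` step output, so every later step reading it runs with nothing. Check both names against the runner's documentation before merging, and quote the redirect target either way: `echo "alias_tags=${alias_tags[*]}" >> "$GITEA_OUTPUT"`. The enclosing `run:` block starts before the `@@ -45` hunk and ends after the `@@ -73` hunk.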
@@ -84,7 +84,7 @@ jobs:
 ${{ env.MY_IMAGE_NAME }}
 labels: |
- io.artifacthub.package.readme-url=https://gitea.mrdev023.fr/${{ github.repository }}/raw/branch/main/README.md
+ io.artifacthub.package.readme-url=https://gitea.mrdev023.fr/${{ gitea.repository }}/raw/branch/main/README.md
 org.opencontainers.image.description=${{ env.MY_IMAGE_DESC }}
 org.opencontainers.image.title=${{ env.MY_IMAGE_NAME }}
@@ -111,27 +111,27 @@ jobs:
 with:
 string: ${{ env.IMAGE_REGISTRY }}
- # - name: Login to GitHub Container Registry
- # uses: docker/login-action@v3
- # with:
- # registry: ghcr.io
- # username: ${{ github.actor }}
- # password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Login to GitHub Container Registry
+ uses: https://github.com/docker/login-action@v3
+ with:
+ registry: gitea.mrdev023.fr
+ username: ${{ secrets.USERNAME }}
+ password: ${{ secrets.PASSWORD }}
- # - name: Push Image to GHCR
- # uses: redhat-actions/push-to-registry@v2
- # id: push
- # env:
- # REGISTRY_USER: ${{ github.actor }}
- # REGISTRY_PASSWORD: ${{ github.token }}
- # with:
- # image: ${{ steps.build_image.outputs.image }}
- # tags: ${{ steps.build_image.outputs.tags }}
- # registry: ${{ steps.registry_case.outputs.lowercase }}
- # username: ${{ env.REGISTRY_USER }}
- # password: ${{ env.REGISTRY_PASSWORD }}
- # extra-args: |
- # --disable-content-trust
+ - name: Push Image to GHCR
+ uses: https://github.com/redhat-actions/push-to-registry@v2
+ id: push
+ env:
+ REGISTRY_USER: ${{ secrets.USERNAME }}
+ REGISTRY_PASSWORD: ${{ secrets.PASSWORD }}
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ steps.registry_case.outputs.lowercase }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+ extra-args: |
+ --disable-content-trust
 # This section is optional and only needs to be enabled if you plan on distributing
 # your project for others to consume. You will need to create a public and private key
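Review bot: The two uncommented steps in the `@@ -111` hunk now run third-party code pulled by mutable tag (`https://github.com/docker/login-action@v3`, `https://github.com/redhat-actions/push-to-registry@v2`) in a job that holds `secrets.USERNAME`, `secrets.PASSWORD` and, further down, the signing key; pin each to a commit SHA and keep the tag as a trailing comment, e.g. `uses: https://github.com/docker/login-action@<commit-sha>  # v3`, assuming the runner resolves full-URL references by SHA as it does by tag. The push step also receives the same two secrets a second time through its step `env:` (`REGISTRY_USER`/`REGISTRY_PASSWORD`) only to read them back via `${{ env.* }}` in `with:`; passing `${{ secrets.USERNAME }}` and `${{ secrets.PASSWORD }}` directly in `with:` keeps them out of the step's process environment. Whether `PASSWORD` is the account password or a registry-scoped token is not visible here; a scoped token limits the damage if a log or one of these actions leaks it. The step names still read "Login to GitHub Container Registry" and "Push Image to GHCR" although the registry is gitea.mrdev023.fr, and the login step hardcodes that host instead of deriving it from `env.IMAGE_REGISTRY` as the push step does.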
@@ -139,14 +139,14 @@ jobs:
 # to consume. For more details, review the image signing section of the README.
 # Sign container
- # - uses: sigstore/cosign-installer@v3.5.0
- # if: github.event_name != 'pull_request'
+ - uses: https://github.com/sigstore/cosign-installer@v3.5.0
+ if: gitea.event_name != 'pull_request'
- # - name: Sign container image
- # if: github.event_name != 'pull_request'
- # run: |
- # cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
- # env:
- # TAGS: ${{ steps.push.outputs.digest }}
- # COSIGN_EXPERIMENTAL: false
- # COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+ - name: Sign container image
+ if: gitea.event_name != 'pull_request'
+ run: |
+ cosign sign -y --key env://COSIGN_PRIVATE_KEY ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
+ env:
+ TAGS: ${{ steps.push.outputs.digest }}
+ COSIGN_EXPERIMENTAL: false
+ COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
diff --git a/cosign.pub b/cosign.pub
new file mode 100644
index 0000000..d65ce2b
--- /dev/null
+++ b/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmCGpDZ8x9OWr5AVR9aCqXiDB6tM5
+vlKUAUDfHZRDGPPzl+l/ymsrkxdeVhJO/Pg4OSMblrheOO3hYx1ZKWWscg==
+-----END PUBLIC KEY-----
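Review bot: The "Sign container image" step signs the pushed digest with `secrets.SIGNING_SECRET`, but nothing in the workflow checks that signature against the `cosign.pub` this patch commits, so a key pair mismatch would only surface when a consumer's verification fails. Add a step under the same `if:` that runs `cosign verify --key cosign.pub ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${{ steps.push.outputs.digest }}`, assuming the repository is checked out in this job. The push step in the `@@ -111` hunk carries no `if:` while signing is skipped for `pull_request`, so if the workflow also triggers on pull requests those builds publish unsigned tags to the same repository; confirm that is intended or guard the push the same way. If `cosign-installer@v3.5.0` installs cosign 2.x, `cosign sign -y` uploads to the public Rekor transparency log by default, which records the gitea.mrdev023.fr image reference; add `--tlog-upload=false` (and verify with `--insecure-ignore-tlog`) if that exposure is unwanted.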