From dcab0ce672e7f40c2b868209c6fb10f88fc2fbea Mon Sep 17 00:00:00 2001
From: XLion <xlion@xlion.tw>
Date: Mon, 28 Oct 2024 02:42:43 +0800
Subject: [PATCH] cosign

---
 .github/workflows/latest.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/.github/workflows/latest.yml b/.github/workflows/latest.yml
index 97d335c..57b4a40 100644
--- a/.github/workflows/latest.yml
+++ b/.github/workflows/latest.yml
@@ -20,8 +20,23 @@ env:
     # armhf is ARMv7 (32bit) 
   
 jobs:
+    verify:
+      name: Verify container
+      runs-on: ubuntu-latest
+      steps:
+        - name: Install Cosign
+          uses: sigstore/cosign-installer@v3.7.0
+
+        - name: Verify
+          run: |
+            cosign verify --rekor-url=https://rekor.sigstore.dev \
+            --certificate-identity-regexp "https://github.com/xlionjuan/.*" \
+            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
+            ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest
+
     build:
       runs-on: ubuntu-latest
+      needs: verify
       container: ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest
       steps:
         - name: Checkout code