Fix: Check for container signature during release 62/74062/2 v0.92.12
author Eric Ball <eball@linuxfoundation.org>
Sat, 17 Jan 2026 01:04:51 +0000 (17:04 -0800)
committer Eric Ball <eball@linuxfoundation.org>
Tue, 20 Jan 2026 22:41:18 +0000 (14:41 -0800)
commit 67cf4368dbfad0298eb917010e4e0726994de731
tree 426dbc89b54bd81cf0ef7a32635746934c2dec0d
parent 9a80001af1fb6efb6cbdb21340fc07a89c829005
Fix: Check for container signature during release

Previously, container releases checked for the container on the
remote server, and skipped the release process if it was found. However,
a failure in signing could occur after the push to remote, and if
this step failed, it would never re-run because the entire release
step would be skipped.

This change adds a step to also verify that the signature is also on
the remote if the image is found, and then attempts to sign the image
if the signature is not present. To do this, the following changes
were made:
  * Move installation of cosign binary to before image check
  * Add public key credential for verification
  * Run only cosign command if image is found on remote but not sig

Issue: IT-29095
Change-Id: I025b1662238df38d558e2a31c96f4fa223d8ca3f
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
jjb/lf-release-jobs.yaml
releasenotes/notes/cosign-verify-8600a1dd35b1e901.yaml [new file with mode: 0644]
shell/release-job.sh
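
The three-way decision the commit message describes, as an added sketch that is not the code from shell/release-job.sh. The function names and the COSIGN_PUBLIC_KEY variable are hypothetical; `docker manifest inspect` and `cosign verify --key` stand in for whatever checks the job actually runs.

```shell
#!/bin/sh
# Added example: decide what a container release step still has to do,
# based on whether the image and its cosign signature are on the remote.
# Hypothetical names: image_on_remote, signature_on_remote, release_action,
# COSIGN_PUBLIC_KEY. None of this is taken from the project's script.

# Returns 0 if the registry already serves a manifest for the image reference.
image_on_remote() {
    docker manifest inspect "$1" >/dev/null 2>&1
}

# Returns 0 if cosign verifies a signature for the image with the public key.
signature_on_remote() {
    cosign verify --key "${COSIGN_PUBLIC_KEY:-cosign.pub}" "$1" >/dev/null 2>&1
}

# Prints exactly one of: full-release, sign-only, skip.
release_action() {
    image="$1"
    if ! image_on_remote "$image"; then
        # Nothing pushed yet: build, push and sign as usual.
        echo "full-release"
    elif ! signature_on_remote "$image"; then
        # Image was pushed by an earlier run but signing did not complete.
        # Without this branch the job would skip and never sign.
        echo "sign-only"
    else
        # Image and a verifiable signature are both present.
        echo "skip"
    fi
}
```

Both checks treat any non-zero exit as "not present", so a registry outage or a wrong public key also lands in the full-release or sign-only branch; a job that needs to tell those cases apart has to inspect the command output rather than only the exit status.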