Sign Flagger container images with cosign

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>

.github/workflows/release.yml

@@ -9,6 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+      - uses: sigstore/cosign-installer@main
       - name: Prepare
         id: prep
         run: |
@@ -52,9 +53,18 @@ jobs:
             org.opencontainers.image.revision=${{ github.sha }}
             org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
             org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
+      - name: Sign image
+        run: |
+          echo -n "${{secrets.COSIGN_PASSWORD}}" | \
+          cosign sign -key ./cosign/cosign.key -a git_sha=$GITHUB_SHA \
+          ghcr.io/fluxcd/flagger:${{ steps.prep.outputs.VERSION }}
       - name: Check images
         run: |
           docker buildx imagetools inspect ghcr.io/fluxcd/flagger:${{ steps.prep.outputs.VERSION }}
+      - name: Verifiy image signature
+        run: |
+          cosign verify -key ./cosign/cosign.pub \
+          ghcr.io/fluxcd/flagger:${{ steps.prep.outputs.VERSION }}
       - name: Publish Helm charts
         uses: stefanprodan/helm-gh-pages@v1.3.0
         with: