Configurable public key path for EC pipeline

Allow to mention the path to the public key in the enterprise-contract pipeline. This is needed when running on non OCP k8s cluster. Signed-off-by: gbenhaim <[email protected]>
konflux-ci · Apr 14, 2024 · 80cf97e · 80cf97e
1 parent b41a35a
commit 80cf97e
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/pipelines/enterprise-contract.yaml b/pipelines/enterprise-contract.yaml
@@ -40,6 +40,13 @@ spec:
         "/var/run/secrets/kubernetes.io/serviceaccount" is a good value. Multiple
         paths can be provided by using the ":" separator.
       default: ""
+    - name: PUBLIC_KEY
+      type: string
+      default: "k8s://openshift-pipelines/public-key"
+      description: |
+        Public key used to verify signatures. Must be a valid k8s cosign
+        reference, e.g. k8s://my-space/my-secret where my-secret contains
+        the expected cosign.pub attribute.
   results:
     - name: TEST_OUTPUT
       value: "$(tasks.verify.results.TEST_OUTPUT)"
@@ -59,7 +66,7 @@ spec:
         - name: STRICT
           value: "true"
         - name: PUBLIC_KEY
-          value: "k8s://openshift-pipelines/public-key"
+          value: "$(params.PUBLIC_KEY)"
         - name: IGNORE_REKOR
           value: "true"
       taskRef: