From 80cf97e4b370f9a85459058de6591fb1d92176c0 Mon Sep 17 00:00:00 2001 From: gbenhaim Date: Sun, 14 Apr 2024 11:19:53 +0300 Subject: [PATCH] Configurable public key path for EC pipeline Allow to mention the path to the public key in the enterprise-contract pipeline. This is needed when running on non OCP k8s cluster. Signed-off-by: gbenhaim --- pipelines/enterprise-contract.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pipelines/enterprise-contract.yaml b/pipelines/enterprise-contract.yaml index 7b8990f688..6817c73f13 100644 --- a/pipelines/enterprise-contract.yaml +++ b/pipelines/enterprise-contract.yaml @@ -40,6 +40,13 @@ spec: "/var/run/secrets/kubernetes.io/serviceaccount" is a good value. Multiple paths can be provided by using the ":" separator. default: "" + - name: PUBLIC_KEY + type: string + default: "k8s://openshift-pipelines/public-key" + description: | + Public key used to verify signatures. Must be a valid k8s cosign + reference, e.g. k8s://my-space/my-secret where my-secret contains + the expected cosign.pub attribute. results: - name: TEST_OUTPUT value: "$(tasks.verify.results.TEST_OUTPUT)" @@ -59,7 +66,7 @@ spec: - name: STRICT value: "true" - name: PUBLIC_KEY - value: "k8s://openshift-pipelines/public-key" + value: "$(params.PUBLIC_KEY)" - name: IGNORE_REKOR value: "true" taskRef:
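Review bot: The new `PUBLIC_KEY` param in the first hunk turns the verification trust root into a run-time input, and its description does not say so; the second hunk then hands `$(params.PUBLIC_KEY)` to the verify task unchanged. Whoever can set parameters on a run of this pipeline can now choose the key that signatures are checked against, and the context lines `IGNORE_REKOR` / `"true"` suggest the transparency log is not consulted as a second check. I would extend the description with a sentence such as `This key is the trust root for signature verification; set it from cluster-controlled configuration, never from data produced by the build being verified.` The description says the value must be a `k8s://` reference, but nothing visible in these hunks enforces that form, so it is worth confirming whether the verify task also accepts other key sources and, if it does, either documenting or restricting them.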