chore: create sign image workflow #7

Workflow file for this run

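---
# Signs an already-published container image in GHCR with a key-based
# cosign signature. The image reference is resolved to its digest first so
# the signature is bound to immutable content rather than to a movable tag.
name: Sign Image

# NOTE(review): this runs on every pull request and reads the signing key
# from repository secrets. Runs triggered from forks receive no secrets and
# a read-only GITHUB_TOKEN, so the login and sign steps only work for
# branches in this repository. Anyone who can push such a branch can also
# edit this workflow, so consider moving signing to a trusted trigger or a
# protected environment with required reviewers.
on:
  pull_request:

jobs:
  sign-image:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Presumably needed so cosign can push the signature to GHCR.
      packages: write
    env:
      IMAGE_TO_SIGN: "ghcr.io/rsturla/eternal-linux/main/kinoite:pr160-91478c5-40-zstd-chunked"
    steps:
      - name: Checkout code
        # NOTE(review): pinned by tag only, while the other actions in this
        # job are pinned to a full commit SHA. Pin this one the same way.
        uses: actions/checkout@v4

      - name: Login to GHCR
        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Get digest
        id: get-digest
        run: |
          digest=$(skopeo inspect "docker://${IMAGE_TO_SIGN}" --format '{{.Digest}}')
          name=$(skopeo inspect "docker://${IMAGE_TO_SIGN}" --format '{{.Name}}')

          # Refuse to continue with an empty or malformed reference, so the
          # sign step never runs against "name@" or a bare tag.
          case "${digest}" in
            sha256:* | sha512:*) ;;
            *)
              echo "::error::unexpected digest '${digest}' for ${IMAGE_TO_SIGN}"
              exit 1
              ;;
          esac
          if [ -z "${name}" ]; then
            echo "::error::empty image name for ${IMAGE_TO_SIGN}"
            exit 1
          fi

          {
            echo "DIGEST=${digest}"
            echo "NAME=${name}"
          } >> "${GITHUB_OUTPUT}"

      - name: Setup Cosign
        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0

      - name: Sign Image
        env:
          # Key material is passed through the environment and read by cosign
          # via env://, so it is never written to the workspace.
          SIGNING_KEY: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY }}
          # Quoted: environment values are strings, not YAML booleans.
          COSIGN_EXPERIMENTAL: "false"
          COSIGN_PASSWORD: ${{ secrets.ETERNAL_LINUX_SIGNING_KEY_PASSPHRASE }}
          # Step outputs go through env rather than being interpolated into
          # the script text, which keeps them out of the shell parser.
          IMAGE_NAME: ${{ steps.get-digest.outputs.NAME }}
          IMAGE_DIGEST: ${{ steps.get-digest.outputs.DIGEST }}
        run: |
          cosign sign -y --key env://SIGNING_KEY "${IMAGE_NAME}@${IMAGE_DIGEST}"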