cli
cli copied to clipboard
fix: Updating policy.json to properly verify images
We need to look into some workflow to handle properly verifying images before rebasing on a signed keyless image.
- https://www.mankier.com/5/containers-policy.json#Examples
- https://github.com/bsherman/ublue-custom/blob/main/.github/workflows/build.yml#L181-L191
- https://github.com/sigstore/root-signing/blob/main/repository/repository/root.json
- https://github.com/sigstore/sigstore/tree/main/pkg/tuf/repository/targets