feat(cosign): add support for cosign bundle (#4023)

Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
2026-06-17 21:17:58 +08:00 · 2026-05-01 00:21:06 -07:00
parent 993a17f5d0
commit 0b2eaa0f9a
15 changed files with 135 additions and 47 deletions
@@ -268,6 +268,11 @@ func CreateMockCosignSignature(subject *ispec.Descriptor) Image {
 		ArtifactType(common.ArtifactTypeCosign).Build()
 }

+func CreateMockCosignBundleSignature(subject *ispec.Descriptor) Image {
+	return CreateImageWith().EmptyLayer().EmptyConfig().Subject(subject).
+		ArtifactType(common.ArtifactTypeCosignBundle).Build()
+}
+
 type BaseImageBuilder struct {
 	layers []Layer

@@ -266,12 +266,12 @@ func (olu BaseOciLayoutUtils) checkCosignSignature(name string, digest godigest.
 		return true
 	}

-	mediaType := common.ArtifactTypeCosign
+	mediaTypes := []string{common.ArtifactTypeCosign, common.ArtifactTypeCosignBundle}

-	referrers, err := imageStore.GetReferrers(name, digest, []string{mediaType})
+	referrers, err := imageStore.GetReferrers(name, digest, mediaTypes)
 	if err != nil {
 		olu.Log.Info().Err(err).Str("repository", name).Str("digest",
-			digest.String()).Str("mediatype", mediaType).Msg("invalid cosign signature")
+			digest.String()).Interface("mediatypes", mediaTypes).Msg("invalid cosign signature")

 		return false
 	}