Verify cosign signatures after signing

Signed-off-by: Juan-Luis de Sousa-Valadas Castaño <[email protected]>

Author: juanluisvaladas

.github/workflows/release.yml

@@ -105,6 +105,7 @@ jobs:
           chmod +x ./cosign
           COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=true --output-file=k0s.sig k0s
           cat k0s.sig
+          COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign verify-blob --key env://COSIGN_KEY --signature k0s.sig k0s
 
       - name: Upload Release Assets - Binary
         uses: shogo82148/[email protected]
@@ -197,6 +198,7 @@ jobs:
           chmod +x ./cosign
           COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=true --output-file=k0s.exe.sig k0s.exe
           cat k0s.exe.sig
+          COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign verify-blob --key env://COSIGN_KEY --signature k0s.exe.sig k0s.exe
 
       - name: Clean Docker
         run: |
@@ -265,6 +267,7 @@ jobs:
           chmod +x ./cosign
           COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=true --output-file=k0s.sig k0s
           cat k0s.sig
+          COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign verify-blob --key env://COSIGN_KEY --signature k0s.sig k0s
 
       - name: Set up Go for smoke tests
         uses: actions/setup-go@v3
@@ -352,6 +355,7 @@ jobs:
           chmod +x ./cosign
           COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign sign-blob --key env://COSIGN_KEY --tlog-upload=true --output-file=k0s.sig k0s
           cat k0s.sig
+          COSIGN_KEY="$(printf %s "$COSIGN_KEY" | base64 -d)" ./cosign verify-blob --key env://COSIGN_KEY --signature k0s.sig k0s
 
       - name: Set up Go for smoke tests
         uses: actions/setup-go@v3