feat: add cosign signing for docker images in release pipeline (#89)

* Initial plan

* feat: add cosign signing for docker images in release pipeline

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

* docs: add cosign verification instructions to release template

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

* refactor: use anchore/sbom-action for secure sbom generation

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

* docs: improve cosign installation instructions with security notes

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

* docs: emphasize package manager installation for cosign

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

* chore: pin github actions to commit hashes

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

* docs: move image verification to dedicated doc file

Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Mossaka <5447827+Mossaka@users.noreply.github.com>

Author: Copilot

.github/workflows/release.yml

@@ -9,6 +9,7 @@ on:
 permissions:
   contents: write   # Required for creating releases
   packages: write   # Required for pushing to GHCR
+  id-token: write   # Required for cosign keyless signing
 
 jobs:
   build-and-release:
@@ -55,7 +56,11 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
+      - name: Install cosign
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+
       - name: Build and push Squid image
+        id: build_squid
         uses: docker/build-push-action@v5
         with:
           context: ./containers/squid
@@ -66,7 +71,27 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Sign Squid image with cosign
+        run: |
+          cosign sign --yes \
+            ghcr.io/${{ github.repository }}/squid@${{ steps.build_squid.outputs.digest }}
+
+      - name: Generate SBOM for Squid image
+        uses: anchore/sbom-action@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0
+        with:
+          image: ghcr.io/${{ github.repository }}/squid@${{ steps.build_squid.outputs.digest }}
+          format: spdx-json
+          output-file: squid-sbom.spdx.json
+
+      - name: Attest SBOM for Squid image
+        run: |
+          cosign attest --yes \
+            --predicate squid-sbom.spdx.json \
+            --type spdxjson \
+            ghcr.io/${{ github.repository }}/squid@${{ steps.build_squid.outputs.digest }}
+
       - name: Build and push Agent image
+        id: build_agent
         uses: docker/build-push-action@v5
         with:
           context: ./containers/agent
@@ -77,6 +102,25 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+      - name: Sign Agent image with cosign
+        run: |
+          cosign sign --yes \
+            ghcr.io/${{ github.repository }}/agent@${{ steps.build_agent.outputs.digest }}
+
+      - name: Generate SBOM for Agent image
+        uses: anchore/sbom-action@d94f46e13c6c62f59525ac9a1e147a99dc0b9bf5 # v0.17.0
+        with:
+          image: ghcr.io/${{ github.repository }}/agent@${{ steps.build_agent.outputs.digest }}
+          format: spdx-json
+          output-file: agent-sbom.spdx.json
+
+      - name: Attest SBOM for Agent image
+        run: |
+          cosign attest --yes \
+            --predicate agent-sbom.spdx.json \
+            --type spdxjson \
+            ghcr.io/${{ github.repository }}/agent@${{ steps.build_agent.outputs.digest }}
+
       - name: Install pkg for binary creation
         run: npm install -g pkg
 

README.md

@@ -31,6 +31,8 @@ sudo awf --help
 
 **Note:** Verify checksums after download by downloading `checksums.txt` from the release page.
 
+**Docker Image Verification:** All published container images are cryptographically signed with cosign. See [docs/image-verification.md](docs/image-verification.md) for verification instructions.
+
 ### Basic Usage
 
 ```bash

docs/RELEASE_TEMPLATE.md

@@ -83,3 +83,17 @@ Published to GitHub Container Registry:
 - `ghcr.io/{{REPOSITORY}}/agent:{{VERSION_NUMBER}}`
 - `ghcr.io/{{REPOSITORY}}/squid:latest`
 - `ghcr.io/{{REPOSITORY}}/agent:latest`
+
+### Image Verification
+
+All container images are cryptographically signed with [cosign](https://github.com/sigstore/cosign) for authenticity verification.
+
+```bash
+# Verify image signature
+cosign verify \
+  --certificate-identity-regexp 'https://github.com/{{REPOSITORY}}/.*' \
+  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
+  ghcr.io/{{REPOSITORY}}/squid:{{VERSION_NUMBER}}
+```
+
+For detailed instructions including SBOM verification, see [docs/image-verification.md](https://github.com/{{REPOSITORY}}/blob/{{VERSION}}/docs/image-verification.md).

docs/image-verification.md

@@ -0,0 +1,73 @@
+# Docker Image Verification
+
+All published Docker images are signed with [cosign](https://github.com/sigstore/cosign) using keyless signing. You can verify the signatures to ensure image authenticity and integrity.
+
+## Installing Cosign
+
+### Package Managers (Recommended)
+
+```bash
+# Homebrew (macOS/Linux)
+brew install cosign
+
+# Debian/Ubuntu
+sudo apt update && sudo apt install -y cosign
+```
+
+See the [official installation guide](https://docs.sigstore.dev/cosign/installation/) for all installation options.
+
+### Direct Download
+
+```bash
+# Quick install for testing (verify checksums from GitHub release page for production)
+curl -sSfL https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 -o cosign
+chmod +x cosign
+sudo mv cosign /usr/local/bin/
+```
+
+## Verifying Image Signatures
+
+All images are signed using GitHub Actions OIDC tokens, ensuring they come from the official repository.
+
+### Verify Squid Image
+
+```bash
+cosign verify \
+  --certificate-identity-regexp 'https://github.com/githubnext/gh-aw-firewall/.*' \
+  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
+  ghcr.io/githubnext/gh-aw-firewall/squid:latest
+```
+
+### Verify Agent Image
+
+```bash
+cosign verify \
+  --certificate-identity-regexp 'https://github.com/githubnext/gh-aw-firewall/.*' \
+  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
+  ghcr.io/githubnext/gh-aw-firewall/agent:latest
+```
+
+## Verifying SBOM Attestations
+
+Images include Software Bill of Materials (SBOM) attestations for supply chain transparency.
+
+```bash
+cosign verify-attestation \
+  --certificate-identity-regexp 'https://github.com/githubnext/gh-aw-firewall/.*' \
+  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
+  --type spdxjson \
+  ghcr.io/githubnext/gh-aw-firewall/squid:latest
+```
+
+## What Gets Signed
+
+- **Image Signatures**: Cryptographic signatures proving the image was built by the official GitHub Actions workflow
+- **SBOM Attestations**: Software Bill of Materials in SPDX JSON format, listing all dependencies and components
+- **Transparency Log**: All signatures are recorded in Sigstore's Rekor transparency log
+
+## Security Benefits
+
+- **Image Authenticity**: Verify images come from the official repository
+- **Supply Chain Security**: SBOM attestations provide transparency about image contents
+- **Keyless Signing**: Uses GitHub Actions OIDC tokens (no secret keys to manage)
+- **Reproducible Builds**: GitHub Actions pinned to commit hashes prevent supply chain attacks