From 594082662e73e4b50ec04093ebc4aa82e73bd562 Mon Sep 17 00:00:00 2001
From: Stefan Agner
Date: Wed, 20 Mar 2024 16:11:10 +0100
Subject: [PATCH 1/2] Revert "Disable cosign signature verification (#197)"

This reverts commit ad63daf476cc02ba4edfd1c85fb5b4c695521748.
---
 build.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/build.yaml b/build.yaml
index c8d9882..9233890 100644
--- a/build.yaml
+++ b/build.yaml
@@ -5,6 +5,9 @@ build_from:
 armhf: "ghcr.io/home-assistant/armhf-base:3.18"
 amd64: "ghcr.io/home-assistant/amd64-base:3.18"
 i386: "ghcr.io/home-assistant/i386-base:3.18"
+cosign:
+ base_identity: https://github.com/home-assistant/docker-base/.*
+ identity: https://github.com/home-assistant/builder/.*
 args:
 YQ_VERSION: "v4.13.2"
 COSIGN_VERSION: "2.2.3"
From 3e0889104dacaedb4e852cd1b13cd5abb15cf790 Mon Sep 17 00:00:00 2001
From: Stefan Agner
Date: Wed, 20 Mar 2024 16:11:21 +0100
Subject: [PATCH 2/2] Revert "Disable cosign verification by default (#199)"

This reverts commit eec2fe473801c8dfe3e78e3ac4516f79d04a2b18.
---
 action.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/action.yml b/action.yml
index 47e528c..81f6f39 100644
--- a/action.yml
+++ b/action.yml
@@ -25,6 +25,10 @@ runs:
 - shell: bash
 run: |
 docker pull ghcr.io/home-assistant/amd64-builder:${{ steps.version.outputs.version }}
+ cosign verify \
+ --certificate-oidc-issuer https://token.actions.githubusercontent.com \
+ --certificate-identity-regexp https://github.com/home-assistant/builder/.* \
+ ghcr.io/home-assistant/amd64-builder:${{ steps.version.outputs.version }}

 - shell: bash
 id: builder
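Review bot: In build.yaml, the two patterns added under `cosign:` are unanchored and leave the dots in `github.com` unescaped, so they accept more than the literal URL prefix if the consumer does a substring regexp match; cosign's `--certificate-identity-regexp`, which the action.yml hunk feeds the same builder pattern, does not anchor the expression as far as I know. Anchoring and escaping would pin them: `base_identity: '^https://github\.com/home-assistant/docker-base/.*'` and `identity: '^https://github\.com/home-assistant/builder/.*'`, single-quoted so the backslash stays literal in YAML. The trailing `.*` also accepts any workflow file and any ref in those repositories; a short comment above the key saying that this is intended would help the next reader. How the builder consumes these keys, and which OIDC issuer it pairs them with, is not visible in this hunk.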
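Review bot: In action.yml, `cosign verify` looks the tag up on its own after `docker pull` has already fetched it, so the digest that gets verified is not tied to the image that was pulled, nor to whatever a later step runs under the same tag (that step is outside this hunk). Resolving the digest once and verifying that reference closes the gap, provided the later step is switched to the digest as well. The regexp argument is also an unquoted shell word, so bash treats `.*` as a glob pattern; it should be quoted. The digest lookup below assumes a fresh runner where the image has a single repo digest.

```yaml
      run: |
        image="ghcr.io/home-assistant/amd64-builder:${{ steps.version.outputs.version }}"
        docker pull "$image"
        # Verify the digest that was actually pulled, not a second tag lookup.
        digest="$(docker image inspect --format '{{ index .RepoDigests 0 }}' "$image")"
        cosign verify \
          --certificate-oidc-issuer https://token.actions.githubusercontent.com \
          --certificate-identity-regexp '^https://github\.com/home-assistant/builder/.*' \
          "$digest"
    # … unchanged: next step (- shell: bash / id: builder) …
```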