From cc22abd2a9b43627eebc5dd2a8d8035fc6694d9d Mon Sep 17 00:00:00 2001
From: Clement Bois <clement.bois@orange.com>
Date: Tue, 12 Aug 2025 16:47:40 +0200
Subject: [PATCH] fix: use preinstalled cosign

---
 templates/gitlab-ci-docker.yml | 50 +++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index aa07f64..546e989 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -436,34 +436,40 @@ stages:
   }
 
   function install_cosign() {
-    if [[ -z "$DOCKER_COSIGN_DIST_URL" ]]
+    if command -v cosign &> /dev/null
     then
-      log_info "Cosign version unset: retrieve latest version..."
-      cosign_version=$(github_get_latest_version sigstore/cosign)
-      DOCKER_COSIGN_DIST_URL="https://github.com/sigstore/cosign/releases/download/${cosign_version}/cosign-linux-amd64"
-      log_info "... use latest Cosign version: \\e[32m$DOCKER_COSIGN_DIST_URL\\e[0m"
-    fi
-    docker_cosign="$CI_PROJECT_DIR/.cache/cosign-$(echo "$DOCKER_COSIGN_DIST_URL" | md5sum | cut -d" " -f1)"
-    if [[ -f $docker_cosign ]]
-    then
-      log_info "Cosign found in cache (\\e[32m$DOCKER_COSIGN_DIST_URL\\e[0m): reuse"
+      log_info "\\e[32mcosign\\e[0m is already installed"
+      docker_cosign="cosign"
     else
-      log_info "Cosign not found in cache (\\e[32m$DOCKER_COSIGN_DIST_URL\\e[0m): download"
-      if command -v curl > /dev/null
+      if [[ -z "$DOCKER_COSIGN_DIST_URL" ]]
       then
-        curl -L -o cosign "$DOCKER_COSIGN_DIST_URL"
-      elif command -v wget > /dev/null
+        log_info "Cosign version unset: retrieve latest version..."
+        cosign_version=$(github_get_latest_version sigstore/cosign)
+        DOCKER_COSIGN_DIST_URL="https://github.com/sigstore/cosign/releases/download/${cosign_version}/cosign-linux-amd64"
+        log_info "... use latest Cosign version: \\e[32m$DOCKER_COSIGN_DIST_URL\\e[0m"
+      fi
+      docker_cosign="$CI_PROJECT_DIR/.cache/cosign-$(echo "$DOCKER_COSIGN_DIST_URL" | md5sum | cut -d" " -f1)"
+      if [[ -f $docker_cosign ]]
       then
-        wget -O cosign "$DOCKER_COSIGN_DIST_URL"
+        log_info "Cosign found in cache (\\e[32m$DOCKER_COSIGN_DIST_URL\\e[0m): reuse"
+      else
+        log_info "Cosign not found in cache (\\e[32m$DOCKER_COSIGN_DIST_URL\\e[0m): download"
+        if command -v curl > /dev/null
+        then
+          curl -L -o cosign "$DOCKER_COSIGN_DIST_URL"
+        elif command -v wget > /dev/null
+        then
+          wget -O cosign "$DOCKER_COSIGN_DIST_URL"
+        fi
+        
+        mkdir -p "$CI_PROJECT_DIR/.cache"
+        # shellcheck disable=SC2086
+        mv ./cosign $docker_cosign
+        # shellcheck disable=SC2086
+        chmod a+x $docker_cosign
       fi
-      
-      mkdir -p "$CI_PROJECT_DIR/.cache"
-      # shellcheck disable=SC2086
-      mv ./cosign $docker_cosign
-      # shellcheck disable=SC2086
-      chmod a+x $docker_cosign
-      export docker_cosign
     fi
+    export docker_cosign
   }
 
   function unscope_variables() {
-- 
GitLab