Add buildah sign task as image

Signed-off-by: Enrique Belarte Luque <[email protected]>
rh-ecosystem-edge · Feb 19, 2025 · 02fae3d · 02fae3d
1 parent 9ff0d6d
commit 02fae3d
Showing 1 changed file with 10 additions and 10 deletions.
diff --git a/.tekton/buildah-oci-ta.yaml b/.tekton/buildah-oci-ta.yaml
@@ -623,18 +623,18 @@ spec:
           export "AWS_DEFAULT_REGION=$AWS_REGION"
           sed  -i '1i openssl_conf = openssl_init' /etc/pki/tls/openssl.cnf && \
           cat /etc/aws-kms-pkcs11/openssl-pkcs11.conf >> /etc/pki/tls/openssl.cnf
-          cat <<-EOF > /etc/aws-kms-pkcs11/config.json
+          cat <<CONFIGEND > /etc/aws-kms-pkcs11/config.json
           {
-            "slots": [
-              {
-                "label": "$AWS_KMS_KEY_LABEL",
-                "kms_key_id": "$AWS_KMS_TOKEN",
-                "aws_region": "$AWS_DEFAULT_REGION",
-                "certificate_path": "/etc/aws-kms-pkcs11/cert.pem"
-              }
-            ]
+          "slots": [
+          {
+          "label": "$AWS_KMS_KEY_LABEL",
+          "kms_key_id": "$AWS_KMS_TOKEN",
+          "aws_region": "$AWS_DEFAULT_REGION",
+          "certificate_path": "/etc/aws-kms-pkcs11/cert.pem"
+          }
+          ]
           }
-EOF
+          CONFIGEND
           export PKCS11_MODULE_PATH=/usr/lib64/pkcs11/aws_kms_pkcs11.so
           openssl req -config /etc/aws-kms-pkcs11/x509.genkey -x509 -key "pkcs11:model=0;manufacturer=aws_kms;serial=0;token=$AWS_KMS_KEY_LABEL" -keyform engine -engine pkcs11 -out /etc/aws-kms-pkcs11/cert.pem -days 36500
           sign_container=$(buildah from "$IMAGE")