feat: add first version of cosign-sign plugin

Signed-off-by: Vojtěch Mareš <vojtech@mares.cz>

Dockerfile

@@ -1,4 +1,6 @@
-FROM alpine
+FROM alpine:3.22
+
+RUN apk add --no-cache ca-certificates cosign
 
 COPY entrypoint.sh /entrypoint.sh
 

README.md

@@ -1,3 +1,3 @@
-# .plugin-template
+# plugin-cosign-sign
 
-Template repository for Woodpecker CI plugins.
+Woodpecker plugin to sign OCI artifacts with [Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/).

doc.md

@@ -1 +1,29 @@
-# some-plugin-name
+---
+name: Cosign Sign
+icon: https://codeberg.org/woodpecker-plugins/prettier/raw/branch/main/prettier.png
+description: Sign OCI artifacts with Cosign.
+author: Vojtěch Mareš
+tags: [oci, cosign, sign, security]
+containerImage: registry.mareshq.com/woodpecker-plugins/cosign-sign
+containerImageUrl: https://registry.mareshq.com/woodpecker-plugins/cosign-sign
+url: https://git.mareshq.com/woodpecker-plugins/cosign-sign
+---
+
+# cosign-sign
+
+## Sample
+
+```yaml
+steps:
+  prettier:
+    image: registry.mareshq.com/woodpecker-plugins/cosign-sign
+    settings:
+      image: registry.example.com/app:latest
+```
+
+## Settings
+
+| Settings Name | Type    | Default | Description                                                                 |
+| ------------- | ------- | ------- | --------------------------------------------------------------------------- |
+| `image`       | string | empty    | Image name including tag. |
+| `key_path`       | string | `./cosign.key`    | Path to signing key |

entrypoint.sh

@@ -1,3 +1,8 @@
 #! /bin/sh
 
-echo "Hello from plugin, I think you forgot to write me!"
+if [ -z ${PLUGIN_IMAGE+x} ]; then
+    echo "ERROR: image setting is required."
+    exit 1
+fi
+
+cosign sign --key "${PLUGIN_KEY_PATH:-"./cosign.key"}" "${PLUGIN_IMAGE}"