added signed artifacts and SBOM generation capabilities

2026-05-12 21:31:43 +02:00
parent ab94775162
commit 822f723ff1
16 changed files with 1615 additions and 12 deletions
@@ -37,6 +37,10 @@ type Config struct {
 	InstanceURL  string
 	InstanceName string

+	// Artifact signing (Phase 4)
+	// PEM-encoded ECDSA P-256 private key.  If empty an ephemeral key is generated.
+	ArtifactSigningKey string
+
 	// Dev
 	Debug bool
 }
@@ -61,6 +65,9 @@ func Load() (*Config, error) {
 	cfg.SessionSecret = requireEnv("SESSION_SECRET", &missing)
 	cfg.CSRFSecret = requireEnv("CSRF_SECRET", &missing)

+	// Optional signing key
+	cfg.ArtifactSigningKey = os.Getenv("ARTIFACT_SIGNING_KEY")
+
 	// Optional OIDC
 	cfg.OIDCIssuer = os.Getenv("OIDC_ISSUER")
 	cfg.OIDCClientID = os.Getenv("OIDC_CLIENT_ID")