ci: enable image signing

Author: marquiz

.github/workflows/images.yml

@@ -38,6 +38,12 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@v3
+        with:
+          cosign-release: 'v2.5.3'
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -81,3 +87,9 @@ jobs:
           push: ${{ github.event_name == 'push' }}
           platforms: ${{ github.event_name == 'push' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
           tags: ghcr.io/${{ github.repository }}/plugins/${{ matrix.image }}:${{ env.TAG_NAME }}
+
+      - name: Sign image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        run: cosign sign --yes ghcr.io/${{ github.repository }}/plugins/${{ matrix.image }}:${{ env.TAG_NAME }}@${DIGEST}