chore(action): Tailor defaults for Universal Blue

.github/workflows/test-actions.yml

@@ -124,7 +124,6 @@ jobs:
         uses: ./verify
         with:
           containers: ${{ matrix.image_name }}
-          pubkey: ./cosign.pub
           registry: ghcr.io/${{ github.repository_owner }}
 
       - name: Echo outputs

sign/action.yml

@@ -13,6 +13,7 @@ inputs:
     required: true
   registry:
     description: 'Registry where the container resides'
+    default: 'ghcr.io/ublue-os'
     required: true
   tags:
     description: 'Tags used by target container'

verify/action.yml

@@ -10,12 +10,14 @@ inputs:
     required: true
   pubkey:
     description: 'Public key used by target container'
+    default: './cosign.pub'
     required: false
   oidc-issuer:
     description: 'The certificate OIDC issuer'
     required: false
   registry:
     description: 'Registry where the container resides'
+    default: 'ghcr.io/ublue-os'
     required: true
 runs:
   using: "composite"
@@ -33,10 +35,10 @@ runs:
     - name: Verify container
       shell: bash
       run: |
-        if [[ -n "${{ inputs.pubkey }}" ]]; then
-          cosign verify --key ${{ inputs.pubkey }} ${{ steps.normalized_registry.outputs }}/${CONTAINERS}
-        elif [[ -n "${{ inputs.cert-identity }}" && -n "${{ inputs.oidc-issuer }}" ]]; then
+        if [[ -n "${{ inputs.cert-identity }}" && -n "${{ inputs.oidc-issuer }}" ]]; then
           cosign verify ${{ steps.normalized_registry.outputs }}/${CONTAINERS} --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }}
+        elif [[ -n "${{ inputs.pubkey }}" ]]; then
+          cosign verify --key ${{ inputs.pubkey }} ${{ steps.normalized_registry.outputs }}/${CONTAINERS}
         else
           exit 1
         fi