From 148541e54a9a9eba19fd7e63226b01df25a6290f Mon Sep 17 00:00:00 2001
From: RJ Trujillo
Date: Sun, 24 Dec 2023 06:42:39 -0700
Subject: [PATCH] chore(action): Tailor defaults for Universal Blue
---
 .github/workflows/test-actions.yml | 1 -
 sign/action.yml | 1 +
 verify/action.yml | 8 +++++---
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/test-actions.yml b/.github/workflows/test-actions.yml
index 460f940..0c607bb 100644
--- a/.github/workflows/test-actions.yml
+++ b/.github/workflows/test-actions.yml
@@ -124,7 +124,6 @@ jobs:
 uses: ./verify
 with:
 containers: ${{ matrix.image_name }}
- pubkey: ./cosign.pub
 registry: ghcr.io/${{ github.repository_owner }}
 - name: Echo outputs
diff --git a/sign/action.yml b/sign/action.yml
index bde366a..9611451 100644
--- a/sign/action.yml
+++ b/sign/action.yml
@@ -13,6 +13,7 @@ inputs:
 required: true
 registry:
 description: 'Registry where the container resides'
+ default: 'ghcr.io/ublue-os'
 required: true
 tags:
 description: 'Tags used by target container'
diff --git a/verify/action.yml b/verify/action.yml
index 8cb9e53..f06ddd4 100644
--- a/verify/action.yml
+++ b/verify/action.yml
@@ -10,12 +10,14 @@ inputs:
 required: true
 pubkey:
 description: 'Public key used by target container'
+ default: './cosign.pub'
 required: false
 oidc-issuer:
 description: 'The certificate OIDC issuer'
 required: false
 registry:
 description: 'Registry where the container resides'
+ default: 'ghcr.io/ublue-os'
 required: true
 runs:
 using: "composite"
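Review bot: `registry` in sign/action.yml now carries `default: 'ghcr.io/ublue-os'` while still declaring `required: true`, and the same pair appears on `registry` in verify/action.yml. With a default present the input is effectively optional, and GitHub does not fail a run over a missing required action input, so the metadata says something the action does not enforce. A caller outside the ublue-os organization who omits the input will sign or verify under `ghcr.io/ublue-os/` and not under their own namespace, with nothing in the log to point that out. I would set `required: false` and state the default in the description, e.g. `description: 'Registry where the container resides (default: ghcr.io/ublue-os)'`.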
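Review bot: With `default: './cosign.pub'` on `pubkey` in verify/action.yml the input is never empty unless a caller passes an empty string, so the `else exit 1` branch of the Verify container step is effectively dead. A caller who sets only one of `cert-identity` / `oidc-issuer` now falls through to key verification against whatever `./cosign.pub` is in the workspace, which silently swaps the trust root they asked for. An explicit failure between the two branches would catch the half-configured keyless case: `elif [[ -n "${{ inputs.cert-identity }}${{ inputs.oidc-issuer }}" ]]; then echo "cert-identity and oidc-issuer must be set together" >&2; exit 1`. The `pubkey` description should also say that the key is read relative to the working directory, since a key taken from an untrusted checkout would make the verification meaningless.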
@@ -33,10 +35,10 @@ runs:
 - name: Verify container
 shell: bash
 run: |
- if [[ -n "${{ inputs.pubkey }}" ]]; then
- cosign verify --key ${{ inputs.pubkey }} ${{ steps.normalized_registry.outputs }}/${CONTAINERS}
- elif [[ -n "${{ inputs.cert-identity }}" && -n "${{ inputs.oidc-issuer }}" ]]; then
+ if [[ -n "${{ inputs.cert-identity }}" && -n "${{ inputs.oidc-issuer }}" ]]; then
 cosign verify ${{ steps.normalized_registry.outputs }}/${CONTAINERS} --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }}
+ elif [[ -n "${{ inputs.pubkey }}" ]]; then
+ cosign verify --key ${{ inputs.pubkey }} ${{ steps.normalized_registry.outputs }}/${CONTAINERS}
 else
 exit 1
 fi
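Review bot: The reordered branches still paste `${{ inputs.cert-identity }}`, `${{ inputs.oidc-issuer }}` and `${{ inputs.pubkey }}` into the bash script text, unquoted on the `cosign verify` lines, so a value containing spaces or shell metacharacters is interpreted by the shell before cosign ever sees it. Passing the inputs through `env:` and quoting the variables keeps them as data, as sketched below. Where `CONTAINERS` is set is not visible in this hunk, so if the step already has an `env:` block the three variables belong in it, not in a second one. Separately, `${{ steps.normalized_registry.outputs }}` names no output key, so it is worth confirming that it expands to the registry string and not to the outputs object as a whole.

```yaml
- name: Verify container
  shell: bash
  env:
    PUBKEY: ${{ inputs.pubkey }}
    CERT_IDENTITY: ${{ inputs.cert-identity }}
    OIDC_ISSUER: ${{ inputs.oidc-issuer }}
  run: |
    if [[ -n "${CERT_IDENTITY}" && -n "${OIDC_ISSUER}" ]]; then
      cosign verify "${{ steps.normalized_registry.outputs }}/${CONTAINERS}" --certificate-identity="${CERT_IDENTITY}" --certificate-oidc-issuer="${OIDC_ISSUER}"
    elif [[ -n "${PUBKEY}" ]]; then
      cosign verify --key "${PUBKEY}" "${{ steps.normalized_registry.outputs }}/${CONTAINERS}"
    # … unchanged: else / exit 1 / fi …
```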