From 5e2e00106ff93adbb8fd82591b35a3841a6e42b6 Mon Sep 17 00:00:00 2001 From: bhushannemade Date: Mon, 12 Aug 2024 12:57:20 +0530 Subject: [PATCH 1/5] doc for cosign plugin --- docs/SUMMARY.md | 1 + docs/user-guide/plugins/cosign.md | 59 +++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 docs/user-guide/plugins/cosign.md diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md index 7412526613..d5f9ab50fe 100644 --- a/docs/SUMMARY.md +++ b/docs/SUMMARY.md @@ -135,6 +135,7 @@ * [Code-Scan](user-guide/plugins/code-scan.md) * [Copacetic](user-guide/plugins/copacetic.md) * [Copy Container Image](user-guide/plugins/copy-container-image.md) + * [Cosign](user-guide/plugins/cosign.md) * [Dependency track - Maven & Gradle](user-guide/plugins/dependency-track-maven-gradle.md) * [Dependency track - NodeJS](user-guide/plugins/dependency-track-nodejs.md) * [Dependency track - Python](user-guide/plugins/dependency-track-python.md) diff --git a/docs/user-guide/plugins/cosign.md b/docs/user-guide/plugins/cosign.md new file mode 100644 index 0000000000..ff073fffb2 --- /dev/null +++ b/docs/user-guide/plugins/cosign.md 
@@ -0,0 +1,59 @@ +# Cosign + +## Introduction +The **Cosign** plugin by Devtron enables secure signing of your container images. By integrating the Cosign plugin, you can enhance your supply chain security by ensuring authenticity, and integrity of your container image. + +### Prerequisites +Before integrating the Cosign plugin, ensure that you have configured the Cosign account and have a set of private and public keys to sign the container images. + +--- + +## Steps +1. Go to **Applications** → **Devtron Apps**. +2. Click your application. +3. Go to **App Configuration** → **Workflow Editor**. +4. Click **New Workflow** and navigate to the **Build and Deploy from Source Code**. +5. Fill the required fields in the **Create build pipeline** window and navigate to the **Post-build stage**. + +{% hint style="warning" %} +If you have already configured workflow, edit the build pipeline, and navigate to **Post-build stage**. +{% endhint %} + +6. Under 'TASKS', click the **+ Add task** button. +7. Click the **Cosign** plugin. +8. Enter the following [user inputs](#user-inputs) with appropriate values. +--- + +## User Inputs + +### Task Name +Enter the name of your task + +e.g., `Signing the Docker image` + +### Description +Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task. 
+ +e.g., `The Cosign plugin is integrated for ensuring the authenticity of container images.` + +### Input Variables + +| Variable | Format | Description | Sample Value | +| ------------------------ | ------------ | ----------- | ------------ | +| PrivateKeyFilePath | STRING | Path of private key file in Git repo | cosign/cosign.key | +| PostCommand | STRING | Command to run after image is signed by Cosign | cosign verify $DOCKER_IMAGE | +| ExtraArguments | STRING | Arguments for Cosign command | --certificate-identity=name@example.com | +| CosignPassword | STRING | Password for Cosign private key | S3cur3P@ssw0rd123! | +| VariableAsPrivateKey | STRING | base64 encoded private-key | LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS | +| PreCommand | STRING | Command to get the requried conditions to execute Cosign command | curl -sLJO https://raw.githubusercontent.com/devtron-labs/sampleRepo/branchName/private | + +### Trigger/Skip Condition +Here you can set conditions to execute or skip the task. You can select `Set trigger conditions` for the execution of a task or `Set skip conditions` to skip the task. + +### Output Variables +Cosign will not be generating an output variable. + +Click **Update Pipeline**. + + + From 01c846b289f14b204481f490412348bb88221264 Mon Sep 17 00:00:00 2001 From: bhushannemade Date: Mon, 12 Aug 2024 13:00:42 +0530 Subject: [PATCH 2/5] edits in task name --- docs/user-guide/plugins/cosign.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/plugins/cosign.md b/docs/user-guide/plugins/cosign.md index ff073fffb2..0e58b179bc 100644 --- a/docs/user-guide/plugins/cosign.md +++ b/docs/user-guide/plugins/cosign.md 
@@ -29,7 +29,7 @@ If you have already configured workflow, edit the build pipeline, and navigate t ### Task Name Enter the name of your task -e.g., `Signing the Docker image` +e.g., `Signing of container images` ### Description Add a brief explanation of the task and the reason for choosing the plugin. Include information for someone else to understand the purpose of the task. From 18672a7c493d5312b9aa432be885d127912f67b7 Mon Sep 17 00:00:00 2001 From: bhushannemade Date: Mon, 12 Aug 2024 13:16:14 +0530 Subject: [PATCH 3/5] updates in intro and other fixes. --- docs/user-guide/plugins/cosign.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/user-guide/plugins/cosign.md b/docs/user-guide/plugins/cosign.md index 0e58b179bc..d4ada992af 100644 --- a/docs/user-guide/plugins/cosign.md +++ b/docs/user-guide/plugins/cosign.md @@ -1,10 +1,10 @@ # Cosign ## Introduction -The **Cosign** plugin by Devtron enables secure signing of your container images. By integrating the Cosign plugin, you can enhance your supply chain security by ensuring authenticity, and integrity of your container image. +The **Cosign** plugin by Devtron enables secure signing of your container images, enhancing supply chain security. It authenticates your identity as the creator and ensures image integrity, allowing users to verify the source and detect any tampering. This provides greater assurance to developers incorporating your artifacts into their workflows. ### Prerequisites -Before integrating the Cosign plugin, ensure that you have configured the Cosign account and have a set of private and public keys to sign the container images. +Before integrating the Cosign plugin, ensure that you have configured the Cosign and have a set of private and public keys to sign the container images. --- 
@@ -40,12 +40,12 @@ e.g., `The Cosign plugin is integrated for ensuring the authenticity of contain | Variable | Format | Description | Sample Value | | ------------------------ | ------------ | ----------- | ------------ | -| PrivateKeyFilePath | STRING | Path of private key file in Git repo | cosign/cosign.key | +| PrivateKeyFilePath | STRING | Path of private key file in Git repo | cosign/cosign.key | | PostCommand | STRING | Command to run after image is signed by Cosign | cosign verify $DOCKER_IMAGE | -| ExtraArguments | STRING | Arguments for Cosign command | --certificate-identity=name@example.com | +| ExtraArguments | STRING | Arguments for Cosign command | --certificate-identity=name@example.com | | CosignPassword | STRING | Password for Cosign private key | S3cur3P@ssw0rd123! | -| VariableAsPrivateKey | STRING | base64 encoded private-key | LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS | -| PreCommand | STRING | Command to get the requried conditions to execute Cosign command | curl -sLJO https://raw.githubusercontent.com/devtron-labs/sampleRepo/branchName/private | +| VariableAsPrivateKey | STRING | base64 encoded private-key | @{{COSIGN_PRIVATE_KEY}} | +| PreCommand | STRING | Command to get the required conditions to execute Cosign command | curl -sLJO https://raw.githubusercontent.com/devtron-labs/sampleRepo/branchName/private | ### Trigger/Skip Condition Here you can set conditions to execute or skip the task. You can select `Set trigger conditions` for the execution of a task or `Set skip conditions` to skip the task. From 7e574b160405e0a7af284aea8f4d47f93938fb2e Mon Sep 17 00:00:00 2001 From: Bhushan Nemade Date: Wed, 28 Aug 2024 15:38:27 +0530 Subject: [PATCH 4/5] Attached link to Cosign GitHub repo --- docs/user-guide/plugins/cosign.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user-guide/plugins/cosign.md b/docs/user-guide/plugins/cosign.md index d4ada992af..2557ccdbbd 100644 --- a/docs/user-guide/plugins/cosign.md 
+++ b/docs/user-guide/plugins/cosign.md @@ -1,7 +1,7 @@ # Cosign ## Introduction -The **Cosign** plugin by Devtron enables secure signing of your container images, enhancing supply chain security. It authenticates your identity as the creator and ensures image integrity, allowing users to verify the source and detect any tampering. This provides greater assurance to developers incorporating your artifacts into their workflows. +The [**Cosign**](https://github.com/sigstore/cosign) plugin by Devtron enables secure signing of your container images, enhancing supply chain security. It authenticates your identity as the creator and ensures image integrity, allowing users to verify the source and detect any tampering. This provides greater assurance to developers incorporating your artifacts into their workflows. ### Prerequisites Before integrating the Cosign plugin, ensure that you have configured the Cosign and have a set of private and public keys to sign the container images. From 8627279fb7e010da957f05b4a15ed82b75cc8e0a Mon Sep 17 00:00:00 2001 From: Bhushan Nemade Date: Wed, 28 Aug 2024 15:54:13 +0530 Subject: [PATCH 5/5] Hyperlink fixes --- docs/user-guide/plugins/cosign.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user-guide/plugins/cosign.md b/docs/user-guide/plugins/cosign.md index 2557ccdbbd..d91fbb2d3e 100644 --- a/docs/user-guide/plugins/cosign.md +++ b/docs/user-guide/plugins/cosign.md 
@@ -1,10 +1,10 @@ # Cosign ## Introduction -The [**Cosign**](https://github.com/sigstore/cosign) plugin by Devtron enables secure signing of your container images, enhancing supply chain security. It authenticates your identity as the creator and ensures image integrity, allowing users to verify the source and detect any tampering. This provides greater assurance to developers incorporating your artifacts into their workflows. +The **Cosign** plugin by Devtron enables secure signing of your container images, enhancing supply chain security. It authenticates your identity as the creator and ensures image integrity, allowing users to verify the source and detect any tampering. This provides greater assurance to developers incorporating your artifacts into their workflows. ### Prerequisites -Before integrating the Cosign plugin, ensure that you have configured the Cosign and have a set of private and public keys to sign the container images. +Before integrating the Cosign plugin, ensure that you have configured the [Cosign](https://github.com/sigstore/cosign) and have a set of private and public keys to sign the container images. ---
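Review bot: In PATCH 1/5, the new `docs/user-guide/plugins/cosign.md` Input Variables table uses literal secrets as sample values (`CosignPassword` shows `S3cur3P@ssw0rd123!`, `VariableAsPrivateKey` shows the start of a base64-encoded private key) and describes `PrivateKeyFilePath` as "Path of private key file in Git repo", which reads as an invitation to commit a signing key and paste its password into pipeline configuration. Suggest stating that the key and password must come from a secret or scoped variable reference rather than a literal, and that the key file should never be committed to the application repository. The command samples are also inconsistent with the stated key-pair prerequisite: `cosign verify $DOCKER_IMAGE` without `--key` does not verify a key-pair signature (it falls back to keyless verification), and `--certificate-identity=name@example.com` is a keyless `cosign verify` flag, not an argument for key-based `cosign sign`; suggest `cosign verify --key cosign.pub $DOCKER_IMAGE` for `PostCommand` and a signing-relevant sample for `ExtraArguments`. Minor: "requried" in the `PreCommand` row, and "Enter the name of your task" needs a full stop.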
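Review bot: In the first hunk of PATCH 3/5, the new prerequisite sentence "ensure that you have configured the Cosign" should drop the article ("configured Cosign"). The rewritten introduction also overstates what key-pair signing provides: "It authenticates your identity as the creator" is only true for keyless signing, where a certificate binds the signature to an identity; with the private/public key pair required here a signature proves possession of the key, and consumers establish who holds it out of band. Suggest "proves the image was signed with your private key and ensures image integrity".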
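Review bot: In the second hunk of PATCH 3/5, replacing the base64 sample for `VariableAsPrivateKey` with `@{{COSIGN_PRIVATE_KEY}}` is the right direction, but `CosignPassword` keeps the literal `S3cur3P@ssw0rd123!` sample in the same table; suggest the same variable-reference pattern there, for example `@{{COSIGN_PASSWORD}}`, so neither secret is shown as a literal. The table still does not say which input wins when both `PrivateKeyFilePath` and `VariableAsPrivateKey` are set, nor which variables are required versus optional; a sentence above the table would resolve that. The `PrivateKeyFilePath` and `ExtraArguments` rows in this hunk change only in trailing whitespace and could be dropped from the diff.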
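Review bot: In PATCH 5/5, the prerequisite line still carries the stray article after the link is moved: "configured the [Cosign](https://github.com/sigstore/cosign)" should read "configured [Cosign](https://github.com/sigstore/cosign)". Since this patch reverts the link placement introduced by PATCH 4/5, the two could be squashed so the series does not add and then remove the same hyperlink in the introduction.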