ci: Add cosign and syft to the cockpit workflow (#326)

* ci: Update Makefile to include operator-templating changes

* add cosign and syft to workflow

* add permission to publish job

* add oci credential envs

Author: xeniape

.github/workflows/pr_cockpit.yml

@@ -30,16 +30,11 @@ jobs:
     name: General Pull Request Checks
     uses: ./.github/workflows/pr_general.yml
 
-  reviewdog-checks:
-    name: Reviewdog Pull Request Checks
-    uses: ./.github/workflows/pr_reviewdog.yml
-
   check-charts:
     name: Helm Chart Check
     runs-on: ubuntu-latest
     needs:
       - general-checks
-      - reviewdog-checks
     steps:
       - name: Checkout Repository
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
@@ -76,9 +71,15 @@ jobs:
 
   publish:
     name: Publish Docker Image
+    permissions:
+      id-token: write
     runs-on: ubuntu-latest
     env:
       NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
+      OCI_REGISTRY_SDP_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_GITHUB_ACTION_BUILD_SECRET }}
+      OCI_REGISTRY_SDP_USERNAME: "robot$sdp+github-action-build"
+      OCI_REGISTRY_SDP_CHARTS_PASSWORD: ${{ secrets.HARBOR_ROBOT_SDP_CHARTS_GITHUB_ACTION_BUILD_SECRET }}
+      OCI_REGISTRY_SDP_CHARTS_USERNAME: "robot$sdp-charts+github-action-build"
     outputs:
       IMAGE_TAG: ${{ steps.printtag.outputs.IMAGE_TAG }}
     needs:
@@ -99,6 +100,12 @@ jobs:
         with:
           go-version: ${{ env.GO_VERSION }}
 
+      - name: Install cosign
+        uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
+
+      - name: Install syft
+        uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
+
       - name: Setup Rust Cache
         uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
         with: