From ab654c9f1690c16ca30d13ab0537c330dda03315 Mon Sep 17 00:00:00 2001
From: fiftydinar <65243233+fiftydinar@users.noreply.github.com>
Date: Sun, 1 Dec 2024 21:56:24 +0100
Subject: [PATCH] chore(signing): Fix `jq` command for modifying `policy.json`
---
 modules/signing/signing.sh | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)
diff --git a/modules/signing/signing.sh b/modules/signing/signing.sh
index 47592ae7..f1565a6b 100644
--- a/modules/signing/signing.sh
+++ b/modules/signing/signing.sh
@@ -34,18 +34,19 @@ fi
 POLICY_FILE="$CONTAINER_DIR/policy.json"
-yq -i -o=j '.transports.docker |=
- {"'"$IMAGE_REGISTRY"'/'"$IMAGE_NAME"'": [
- {
- "type": "sigstoreSigned",
- "keyPath": "/etc/pki/containers/'"$IMAGE_NAME_FILE"'.pub",
- "signedIdentity": {
- "type": "matchRepository"
- }
+jq --arg image_registry "$IMAGE_REGISTRY" \
+ --arg image_name "$IMAGE_NAME" \
+ --arg image_name_file "$IMAGE_NAME_FILE" \
+ '.transports.docker |=
+ { ($image_registry + "/" + $image_name): [
+ {
+ "type": "sigstoreSigned",
+ "keyPath": ("/etc/pki/containers/" + $image_name_file + ".pub"),
+ "signedIdentity": {
+ "type": "matchRepository"
 }
- ]
- }
-+ .' "$POLICY_FILE"
+ }
+ ] } + .' "$POLICY_FILE" > /tmp/tmp-policy.json && mv /tmp/tmp-policy.json "$POLICY_FILE"
 mv "$MODULE_DIRECTORY/signing/registry-config.yaml" "$CONTAINER_DIR/registries.d/$IMAGE_NAME_FILE.yaml"
 sed -i "s ghcr.io/IMAGENAME $IMAGE_REGISTRY g" "$CONTAINER_DIR/registries.d/$IMAGE_NAME_FILE.yaml"
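Review bot: The new `jq … > /tmp/tmp-policy.json && mv /tmp/tmp-policy.json "$POLICY_FILE"` line does not make a `jq` failure fatal: when `jq` fails the `&&` list only returns non-zero, which does not abort the script even if `set -e` is active (the script header is outside this hunk), so the build could continue with a `policy.json` that lacks the `sigstoreSigned` entry. The fixed, predictable name in `/tmp` is also worth avoiding for a file that becomes the signature-verification policy. Both points are addressed by capturing the output and writing it back in place, for example `new_policy="$(jq … "$POLICY_FILE")" || exit 1` followed by `printf '%s\n' "$new_policy" > "$POLICY_FILE"`, which keeps the existing file's mode and ownership as well. If a temporary file is preferred, create it with `mktemp` and check the `jq` exit status before the `mv`.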