func verifyImageSignature()

in pre-sync/oci-image-verification/main.go [47:79]


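// verifyImageSignature checks that image carries a cosign signature that
// validates against the public key loaded from publicKeyPath.
//
// An empty image string is treated as "nothing to verify" and returns nil, so
// a caller that must fail closed has to reject empty references itself. On any
// failure (key load, registry authenticator setup, reference parsing,
// signature verification) a wrapped error is returned; the underlying cause
// stays reachable through errors.Is / errors.As.
func verifyImageSignature(ctx context.Context, image string) error {
	if image == "" {
		// NOTE(review): this is a skip, not a successful verification. Confirm
		// that no caller can proceed with an unverified image because the
		// reference it passed here was empty.
		return nil
	}

	pubKey, err := signature.LoadPublicKey(ctx, publicKeyPath)
	if err != nil {
		return fmt.Errorf("error loading public key: %w", err)
	}

	// Registry credentials come from the environment-based Google authenticator.
	googleAuth, err := google.NewEnvAuthenticator(ctx)
	if err != nil {
		// Add context: the bare error did not say which step failed.
		return fmt.Errorf("error creating registry authenticator: %w", err)
	}

	opts := &cosign.CheckOpts{
		RegistryClientOpts: []ociremote.Option{ociremote.WithRemoteOptions(remote.WithAuth(googleAuth))},
		SigVerifier:        pubKey,
		// IgnoreTlog turns off the transparency-log check, so trust rests
		// entirely on the key at publicKeyPath.
		// NOTE(review): confirm this is intended for this deployment and that
		// key rotation and compromise are handled out of band.
		IgnoreTlog: true,
	}

	ref, err := name.ParseReference(image)
	if err != nil {
		return fmt.Errorf("failed to parse image reference: %w", err)
	}

	// The verified signatures and the bundle-verified flag are discarded; only
	// the pass/fail outcome is used.
	// NOTE(review): if image is a tag rather than a digest, the result applies
	// to whatever the tag pointed at during this call. A consumer that later
	// pulls by the same tag is not guaranteed the same content; confirm that
	// callers pin by digest.
	if _, _, err = cosign.VerifyImageSignatures(ctx, ref, opts); err != nil {
		return fmt.Errorf("image verification failed for %s: %w", image, err)
	}

	klog.Infof("Image %s verified successfully", image)
	return nil
}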