From d994934015624d4d0ecc90602d69b017b53b21ba Mon Sep 17 00:00:00 2001
From: Kapil Agrawal <7047165+netops2devops@users.noreply.github.com>
Date: Thu, 16 Apr 2026 19:52:34 -0500
Subject: [PATCH 1/2] sign release binaries via cosign

---
 .github/workflows/ci.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index aee0a6b..ad10cda 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -198,6 +198,7 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/v')
     permissions:
       contents: write
+      id-token: write   # required for keyless cosign signing via OIDC
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -209,8 +210,14 @@ jobs:
           pattern: step-ca_*
           merge-multiple: true
 
-      - name: List artifacts
-        run: ls -la dist/
+      - name: Install cosign
+        uses: sigstore/cosign-installer@v3
+
+      - name: Sign binaries
+        run: |
+          for bin in dist/step-ca_*; do
+            cosign sign-blob --yes --bundle="${bin}.bundle" "$bin"
+          done
 
       - name: Get version
         id: version

From 6a9d240ead99f034070b18adaa4415bb03f64132 Mon Sep 17 00:00:00 2001
From: Kapil Agrawal <7047165+netops2devops@users.noreply.github.com>
Date: Thu, 16 Apr 2026 20:13:17 -0500
Subject: [PATCH 2/2] fix cert-manager example with annotation

---
 docs/content/user.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/content/user.md b/docs/content/user.md
index d1d6f40..348ed9c 100644
--- a/docs/content/user.md
+++ b/docs/content/user.md
@@ -621,6 +621,8 @@ kind: Gateway
 metadata:
   name: my-gateway
   namespace: infra
+  annotations:
+    cert-manager.io/cluster-issuer: acme-proxy
 spec:
   gatewayClassName: nginx
   listeners: