feat(verify): Support verification of multiple containers at once

Requires they share the same public key/certificate

.github/workflows/test-actions.yml

@@ -122,7 +122,7 @@ jobs:
       - name: Verify image
         uses: ./verify
         with:
-          container: ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}
+          containers: ghcr.io/${{ github.repository_owner }}/${{ matrix.image_name }}
           pubkey: ./cosign.pub
 
       - name: Echo outputs

verify/action.yml

@@ -5,8 +5,8 @@ inputs:
   cert-identity:
     description: 'The identity certificate'
     required: false
-  container:
-    description: 'Path to target container to verify'
+  containers:
+    description: 'Paths to target containers'
     required: true
   pubkey:
     description: 'Public key used by target container'
@@ -31,11 +31,12 @@ runs:
       shell: bash
       run: |
         if [[ -n "${{ inputs.pubkey }}" ]]; then
-          cosign verify --key ${{ inputs.pubkey }} ${{ steps.container_case.outputs.lowercase }}
+          cosign verify --key ${{ inputs.pubkey }} ${CONTAINERS[@]}
         elif [[ -n "${{ inputs.cert-identity }}" && -n "${{ inputs.oidc-issuer }}" ]]; then
-          cosign verify ${{ steps.container_case.outputs.lowercase }} --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }}
+          cosign verify --certificate-identity=${{ inputs.cert-identity }} --certificate-oidc-issuer=${{ inputs.oidc-issuer }} ${CONTAINERS[@]}
         else
           exit 1
         fi
       env:
+        CONTAINERS: ${{ steps.container_case.outputs.lowercase }}
         COSIGN_EXPERIMENTAL: false