Add Cosign env pass-through

Signed-off-by: Ziwen Ning <[email protected]>

cmd/finch/nerdctl.go

@@ -125,6 +125,21 @@ func (nc *nerdctlCommand) run(cmdName string, args []string) error {
 			nerdctlArgs = append(nerdctlArgs, arg)
 		}
 	}
+	limaArgs := []string{"shell", limaInstanceName, "sudo"}
+
+	// The env variables are not passed through by `limactl shell` by default so we need to assign the variables explicitly.
+	// https://github.com/lima-vm/lima/issues/1419
+	ncEnvs := []string{"COSIGN_PASSWORD"}
+	var ncEnvArgs []string
+	for _, e := range ncEnvs {
+		v, b := nc.systemDeps.LookupEnv(e)
+		if b {
+			ncEnvArgs = append(ncEnvArgs, fmt.Sprintf("%s=%s", e, v))
+		}
+	}
+	limaArgs = append(limaArgs, ncEnvArgs...)
+	limaArgs = append(limaArgs, nerdctlCmdName, cmdName)
+
 	// to handle environment variables properly, we add all entries found via
 	// env-file includes to the map first and then all command line environment
 	// flags, making sure that command line overrides environment file options,
@@ -146,7 +161,7 @@ func (nc *nerdctlCommand) run(cmdName string, args []string) error {
 	}
 	finalArgs = append(finalArgs, nerdctlArgs...)
 
-	limaArgs := append([]string{"shell", limaInstanceName, "sudo", nerdctlCmdName, cmdName}, finalArgs...)
+	limaArgs = append(limaArgs, finalArgs...)
 
 	if nc.shouldReplaceForHelp(cmdName, args) {
 		return nc.creator.RunWithReplacingStdout([]command.Replacement{{Source: "nerdctl", Target: "finch"}}, limaArgs...)