From f1e2b688a5eaef2f7c2dedc11538467a0073e418 Mon Sep 17 00:00:00 2001
From: continuist <continuist02@gmail.com>
Date: Fri, 19 Sep 2025 22:42:14 -0400
Subject: [PATCH] use per-user container policy

---
 .forgejo/workflows/ci.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index e1071db..3ba723c 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -64,11 +64,14 @@ jobs:
             --cache-to   "$CACHE_REPO" \
             --cache-from "$CACHE_REPO" \
             --target deps \
+            --signature-policy ~/.config/containers/policy-ci.json \
             -f backend/Dockerfile.test-rust \
             -t "$PREBUILT_BACKEND_TEST_IMAGE:deps-${{ steps.cache-key.outputs.cache_key }}" \
             --layers
           
-          podman --remote push "$PREBUILT_BACKEND_TEST_IMAGE:deps-${{ steps.cache-key.outputs.cache_key }}"
+          podman --remote push \
+            --signature-policy ~/.config/containers/policy-ci.json \
+            "$PREBUILT_BACKEND_TEST_IMAGE:deps-${{ steps.cache-key.outputs.cache_key }}"
 
       - name: Build full test image with cached dependencies
         run: |
@@ -77,6 +80,7 @@ jobs:
             --layers \
             --cache-from "$CACHE_REPO" \
             --target runner \
+            --signature-policy ~/.config/containers/policy-ci.json \
             -f backend/Dockerfile.test-rust \
             -t "$PREBUILT_BACKEND_TEST_IMAGE:test-${{ github.sha }}" \
             .