From d4eeaa51b2d39abc9ce81ac45ab78741ba9aa0b3 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 31 Jan 2023 13:07:39 -0800
Subject: [PATCH] robosignatory: add f39 signing before branching

This is an attempt to allow us to sign f38 with the f39 key also in
addition to the f38 one. Using this we can make a ugly loop that signs
all the stuff in the f38 tag with the f39 key. (Hopefully)

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/robosignatory/templates/robosignatory.toml.j2 | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2
index 01d8cff372..b310dec615 100644
--- a/roles/robosignatory/templates/robosignatory.toml.j2
+++ b/roles/robosignatory/templates/robosignatory.toml.j2
@@ -195,14 +195,17 @@ handlers = ["console"]
             file_signing_key = "fedora-38-ima"
             {% endif %}
 
+            # sign f38 also with the f39 key
+            # remove this after branching is over and replace with f39 tags
+
             [[consumer_config.koji_instances.primary.tags]]
-            from = "f38-rebuild"
-            to = "f38-rebuild"
-            key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}"
-            keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}"
+            from = "f38"
+            to = "f38"
+            key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}"
+            keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}"
             {% if env == "production" %}
             # ima file signing - enabled in f37
-            file_signing_key = "fedora-38-ima"
+            file_signing_key = "fedora-39-ima"
             {% endif %}
 
             [[consumer_config.koji_instances.primary.tags]]