feat(ci): Verify base image with cosign before building

Validate the integrity of base image being built from via cosign before continuing to build. Ensures we only build from signed images

Author: EyeCantCU

.github/workflows/build.yml

@@ -62,13 +62,18 @@ jobs:
           - base_name: bazzite-deck
             image_flavor: surface-nvidia
     steps:
-      - name: Maximize build space
-        uses: ublue-os/remove-unwanted-software@v6
-
       # Checkout push-to-registry action GitHub repository
       - name: Checkout Push to Registry action
         uses: actions/checkout@v4
 
+      - name: Verify base image
+        uses: EyeCantCU/cosign-action/[email protected]
+        with:
+          containers: ${{ matrix.base_image_name }}-${{ matrix.image_flavor }}:${{ matrix.major_version }}
+
+      - name: Maximize build space
+        uses: ublue-os/remove-unwanted-software@v6
+
       - name: Check just syntax
         uses: ublue-os/just-action@v1