docs(adr): Minor corrections to ADR 0008 and align with signing handler implementation

[morri-son]

Summary

Align ADR 0008 (Signing & Verification) with the actual RSA and Sigstore handler implementations.

• Fix consumer identity attributes: replace non-existent name with algorithm + signature
• Fix identity types: PEM/v1alpha1 → RSA/v1alpha1, RSASSA-PSS/v1alpha1 → RSASigningConfiguration/v1alpha1
• Fix sigstore types: sign.sigstore.dev/v1alpha1 → SigstoreSigningConfiguration/v1alpha1, verify.sigstore.dev/v1alpha1 → SigstoreVerificationConfiguration/v1alpha1
• Fix sigstore verification identity: PEM/v1alpha1 → TrustedRoot/v1alpha1
• Fix CLI flags in mermaid diagrams: --signer/--verifier → --signer-spec/--verifier-spec
• Update signer-spec/verifier-spec YAML examples to match implementation structs

Relates to: open-component-model/ocm-project#996

[netlify]

✅ Deploy Preview for ocm-website canceled.

Name	Link
🔨 Latest commit	2163078
🔍 Latest deploy log	https://app.netlify.com/projects/ocm-website/deploys/69e8d881615af00008f976a0

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates an Architecture Decision Record (ADR 0008) that documents signing and verification flows. The changes replace algorithm shorthand CLI flags with spec file references, rename handler type configurations for RSA and Sigstore implementations, and update the corresponding credential consumer identity types to match new handler specifications.

Changes

Cohort / File(s)

Summary

ADR 0008 Documentation Updates docs/adr/0008_signing_verification.md

Updated CLI examples from algorithm shorthand (--signer rsapss) to spec file references (--signer-spec ./rsapss.yaml). Renamed handler types: RSASSA-PSS handler from RSASSA-PSS/v1alpha1 to RSASigningConfiguration/v1alpha1, Sigstore handlers from sign.sigstore.dev/v1alpha1 / verify.sigstore.dev/v1alpha1 to SigstoreSigningConfiguration/v1alpha1 / SigstoreVerificationConfiguration/v1alpha1. Updated spec filenames and credential consumer identity types (RSA from PEM/v1alpha1 to RSA/v1alpha1, Sigstore from PEM-based to TrustedRoot/v1alpha1). Added algorithm and signature fields to configuration examples.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• chore: enhance CLI help: add example for signer spec and add some more explaining lines #1965: Updates documentation and CLI examples for the signer-spec flag usage.
• docs: add ADR for sigstore handler #2300: Adds a Sigstore-specific ADR alongside the handler type and configuration updates in this PR.

Suggested labels

size/m

Suggested reviewers

• jakobmoellerdev
• matthiasbruns

Poem

🐰 Hops through the docs with specs in paw,
Where --signer-spec is now the law!
RSA and Sigstore, renamed with care,
Configuration flows drift through the air,
Identity types bloom like spring clover,
The ADR's journey is finally over! 📜✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description comprehensively explains the changes, listing specific type/attribute replacements, CLI flag updates, and configuration adjustments that align the documentation with implementation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	The title directly relates to the main change: aligning ADR 0008 documentation with actual signing handler implementation, including corrections to type names, identity attributes, and CLI flags.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}