Skip to content

Commit

Permalink
fix: update cosign command and pin install (ublue-os#53)
Browse files Browse the repository at this point in the history
joshua-stone authored Mar 3, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 2ab8ce6 commit 431cb39
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -183,7 +183,7 @@ jobs:
--disable-content-trust
# Sign container
- uses: sigstore/cosign-installer@main
- uses: sigstore/cosign-installer@v3.0.1

# Only needed when running `cosign sign` using a key
- name: Write signing key to disk
@@ -203,7 +203,7 @@ jobs:

- name: Sign container image
run: |
cosign sign --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ steps.build_image.outputs.image }}@${TAGS}
env:
TAGS: ${{ steps.push.outputs.digest }}
COSIGN_EXPERIMENTAL: false

0 comments on commit 431cb39

Please sign in to comment.