diff --git a/.github/workflows/docker-publish-api.yml b/.github/workflows/docker-publish-api.yml index 3920683..96d422a 100644 --- a/.github/workflows/docker-publish-api.yml +++ b/.github/workflows/docker-publish-api.yml @@ -80,7 +80,6 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - visibility: public # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker @@ -95,4 +94,4 @@ jobs: DIGEST: ${{ steps.build-and-push.outputs.digest }} # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + run: echo "${TAGS}" | xargs -I {} cosign sign --yes --force {}@${DIGEST} diff --git a/.github/workflows/docker-publish-updater.yml b/.github/workflows/docker-publish-updater.yml index b7ffd9d..ab8001d 100644 --- a/.github/workflows/docker-publish-updater.yml +++ b/.github/workflows/docker-publish-updater.yml @@ -80,7 +80,6 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max - visibility: public # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker @@ -95,4 +94,4 @@ jobs: DIGEST: ${{ steps.build-and-push.outputs.digest }} # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + run: echo "${TAGS}" | xargs -I {} cosign sign --yes --force {}@${DIGEST}