Remove co-sign checks (#3)

LeeGathercole · web-flow · commit 45d276d6cbac · 2025-05-22T13:37:16.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -81,19 +81,19 @@ jobs:
             org.opencontainers.image.source=${{ github.event.repository.html_url }}
             org.opencontainers.image.revision=${{ github.sha }}
             org.opencontainers.image.version=${{ github.ref_name }}
-      - name: sign container image
-        run: |
-          cosign sign --yes --key env://COSIGN_KEY ghcr.io/nhs-digital/${{ env.IMAGE_NAME }}:${{ github.ref_name }}@${{ steps.build_push.outputs.digest }}
-        shell: bash
-        env:
-          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
-          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
-
-      - name: Check images
-        run: |
-          docker buildx imagetools inspect ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }}
-          docker pull ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }}
-          cosign verify --key cosign.pub ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }}
+#      - name: sign container image
+#        run: |
+#          cosign sign --yes --key env://COSIGN_KEY ghcr.io/nhs-digital/${{ env.IMAGE_NAME }}:${{ github.ref_name }}@${{ steps.build_push.outputs.digest }}
+#        shell: bash
+#        env:
+#          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+#          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+#
+#      - name: Check images
+#        run: |
+#          docker buildx imagetools inspect ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }}
+#          docker pull ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }}
+#          cosign verify --key cosign.pub ghcr.io/nhsdigital/${IMAGE_NAME}:${{ github.ref_name }}
       - uses: anchore/sbom-action@v0
         with:
           image: ghcr.io/nhsdigital/${{ env.IMAGE_NAME }}:${{ github.ref_name }}
